Method and apparatus for single sign-off using cookie tracking in a proxy
First Claim
Patent Images
1. A method, operative at an intermediary between a client browser and one or more backend applications during an existing authenticated session with a user operating the client browser, the method comprising:
- responsive to forwarding a request to a backend application during the existing authenticated session, receiving a response that includes a cookie;
tracking the cookie by storing information about the cookie in a per-user session cache object associated with the existing authenticated session;
forwarding the cookie to the client browser;
responsive to receiving a log out of the existing authenticated session, making a determination whether to expire the cookie tracked in the per-user session cache object; and
based on the determination, expiring the cookie tracked in the per-user session cache object.
1 Assignment
0 Petitions
Accused Products
Abstract
An intermediary (such as a web reverse proxy), which is located between a web browser and one or more backend applications, manages cookies that are provided by the backend applications and returned to the web browser during a user session. When a session sign-off event is initiated in the reverse proxy, HTTP “Set-Cookie” headers are sent back to the web browser to destroy the cookies (in the browser) that represent sessions with the one or more backend application(s).
11 Citations
24 Claims
-
1. A method, operative at an intermediary between a client browser and one or more backend applications during an existing authenticated session with a user operating the client browser, the method comprising:
-
responsive to forwarding a request to a backend application during the existing authenticated session, receiving a response that includes a cookie; tracking the cookie by storing information about the cookie in a per-user session cache object associated with the existing authenticated session; forwarding the cookie to the client browser; responsive to receiving a log out of the existing authenticated session, making a determination whether to expire the cookie tracked in the per-user session cache object; and based on the determination, expiring the cookie tracked in the per-user session cache object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. Apparatus positioned between a client browser and one or more backend applications, comprising:
-
a processor; computer memory holding computer program instructions that when executed by the processor perform a method during an existing authenticated session with a user operating the client browser, the method comprising; responsive to forwarding a request to a backend application during the existing authenticated session, receiving a response that includes a cookie; tracking the cookie by storing information about the cookie in a per-user session cache object associated with the existing authenticated session; forwarding the cookie to the client browser; responsive to receiving a log out of the existing authenticated session, making a determination whether to expire the cookie tracked in the per-user session cache object; and based on the determination, expiring the cookie stored in the per-user session cache object. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A computer program product in a non-transitory computer readable medium for use in a data processing system positioned between a client browser and one or more backend applications, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method during an existing authenticated session with a user operating the client browser, the method comprising:
-
responsive to forwarding a request to a backend application during the existing authenticated session, receiving a response that includes a cookie; tracking the cookie by storing information about the cookie in a per-user session cache object associated with the existing authenticated session; forwarding the cookie to the client browser; and responsive to receiving a log out of the existing authenticated session, making a determination whether to expire the cookie tracked in the per-user session cache object; and based on the determination, expiring the cookie stored in the per-user session cache object. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
-
Specification