Methods and apparatus to identify session users with cookie information
US-9467519-B2 · Oct 11, 2016 · US
Cookie based session timeout detection and management
US10645177B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10645177-B2 |
| Application number | US-201715491397-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 19, 2017 |
| Priority date | Apr 19, 2017 |
| Publication date | May 5, 2020 |
| Grant date | May 5, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method, computer system, and a computer program product for detecting a session status based on a cookie associated with the session is provided. The present invention may include receiving an access request to a specified location associated with a server computer. The present invention may also include determining that the received access request has the cookie corresponding with the specified location. The present invention may also include receiving a last refresh time from the cookie. The present invention may then include determining the session status based on the retrieved last refresh time, a current request time, a refresh interval, and an overdue value.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for detecting a session status based on a cookie associated with the session, the method comprising: receiving, by a server computer, an access request to a specified location associated with the server computer; determining, by the server computer, that the received access request has the cookie corresponding with the specified location, wherein the cookie is symmetrically or unsymmetrically encrypted, and wherein the server computer holds a cryptographic key to decrypt the cookie; determining, by the server computer, that the server computer cannot decrypt the cookie corresponding with the specified location; performing, by the server computer, a reauthentication process to obtain a unique session identifier, wherein the unique session identifier is comprised of a string of numbers specific to a client computer; generating, by the server computer, a new cookie based on obtaining the unique session identifier, wherein the new cookie contains a last refresh time set by the server computer, wherein the last refresh time is encrypted in the new cookie to prevent a fake instance of the client computer, and wherein the last refresh time is not saved on the server computer; storing, on and by the server computer, a refresh interval value representing a period of time in which the specified location associated with the server computer may idle, and an overdue value representing a period of time which exceeds an idle time and which may not require the reauthentication process, wherein the last refresh time is updated when the overdue value is reached; and sending, by the server computer, the new cookie to the client computer. 2. The method of claim 1 , further comprising: retrieving, by the server computer, the last refresh time from the new cookie; and determining, by the server computer, the session status based on the retrieved last refresh time, a current request time, a refresh interval value, and the overdue value. 3. The method of claim 2 , further comprising: querying, by the server computer, the current request time; decrypting, by the server computer, the new cookie to obtain the last refresh time contained within the new cookie; and retrieving, by the server computer, the refresh interval value and the overdue value. 4. The method of claim 2 , wherein determining the session status based on the retrieved last refresh time, a current request time, the refresh interval value and the overdue value further comprises: determining, by the server computer, that the session expired based on calculating that a difference value corresponding to the current request time and the last refresh time is greater than or equal to an aggregate value corresponding to the refresh interval value and the overdue value. 5. The method of claim 4 , wherein determining that the session expired further comprises: generating, by the server computer, a second new cookie; setting, by the server computer, the last refresh time; and saving, by the server computer, the refresh interval value and the overdue value. 6. The method of claim 2 , wherein determining the session status based on the retrieved last refresh time, a current request time, the refresh interval value and the overdue value further comprises: determining, by the server computer, that the session is valid based on calculating that a difference value corresponding to the current request time and the last refresh time is not greater than or equal to an aggregate value corresponding to the refresh interval value and the overdue value; determining, by the server computer, that the difference value is not greater than or equal to the refresh interval value based on determining that the session is valid. 7. The method of claim 2 , wherein determining the session status further comprises: determining, by the server computer, that the session is valid based on calculating that a difference value corresponding to the current request time and the last refresh time is not greater than or equal to an aggregate value corresponding to the refresh interval value and the overdue value; determining, by the server computer, that the difference value is greater than or equal to the refresh interval value based on determining that the session is valid; altering, by the server computer, the new cookie with an updated last refresh time based on determining that the difference value is greater than or equal to the refresh interval value; and sending, by the server computer, the altered new cookie to a client computer. 8. A computer system for detecting a session status based on a cookie associated with the session, comprising: one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage medium, and program instructions stored on at least one of the one or more tangible storage medium for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising: receiving, by a server computer, an access request to a specified location associated with the server computer; determining, by the server computer, that the received access request has the cookie corresponding with the specified location, wherein the cookie is symmetrically or unsymmetrically encrypted, and wherein the server computer holds a cryptographic key to decrypt the cookie; determining, by the server computer, that the server computer cannot decrypt the cookie corresponding with the specified location; performing, by the server computer, a reauthentication process to obtain a unique session identifier, wherein the unique session identifier is comprised of a string of numbers specific to a client computer; generating, by the server computer, a new cookie based on obtaining the unique session identifier, wherein the new cookie contains a last refresh time set by the server computer, wherein the last refresh time is encrypted in the new cookie to prevent a fake instance of the client computer, and wherein the last refresh time is not saved on the server computer; storing, on and by the server computer, a refresh interval value representing a period of time in which the specified location associated with the server computer may idle, and an overdue value representing a period of time which exceeds an idle time and which may not require the reauthentication process, wherein the last refresh time is updated when the overdue value is reached; and sending, by the server computer, the new cookie to the client computer. 9. The computer system of claim 8 , further comprising: retrieving, by the server computer, the last refresh time from the new cookie; and determining, by the server computer, the session status based on the retrieved last refresh time, a current request time, a refresh interval value, and the overdue value. 10. The computer system of claim 9 , further comprising: querying, by the server computer, the current request time; decrypting, by the server computer, the new cookie to obtain the last refresh time contained within the new cookie; and retrieving, by the server computer, the refresh interval value and the overdue value. 11. The computer system of claim 9 , wherein determining the session status based on the retrieved last refresh time, a current request time, the refresh interval value and the overdue value further comprises: determining, by the server computer, that the session expired based on calculating that a difference value corresponding to the current request time and the last refresh time is greater than or equal to an aggregate value corresponding to the refresh
Assignees
Inventors
Classifications
- H04L67/146Primary
Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding · CPC title
wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30) · CPC title
for remote control or remote monitoring of applications · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10645177B2 cover?
- A method, computer system, and a computer program product for detecting a session status based on a cookie associated with the session is provided. The present invention may include receiving an access request to a specified location associated with a server computer. The present invention may also include determining that the received access request has the cookie corresponding with the specif…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification H04L67/146. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue May 05 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).