US2017118218A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017118218-A1 |
| Application number | US-201615331613-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 21, 2016 |
| Priority date | Oct 23, 2015 |
| Publication date | Apr 27, 2017 |
| Grant date | — |
Official abstract text for this publication.
Techniques are disclosed for managing session information stored by an access management system. Certain techniques are disclosed for updating session information based on characteristics of the session information to be updated. The disclosed techniques describe how session information is updated and the frequency at which it is updated. Certain embodiments may enable a decrease in the computing performance overhead and/or memory usage overhead caused by managing session information (e.g., performing authentication or determining authorization to access a resource) for a session.
Opening claim text (preview).
What is claimed is:

1. A method comprising: using information about the user obtained from an identity data store and based on authentication of the user for access to one or more resources, establishing, by a computer system of an access management system, a session for a user of a device to access one or more resources, wherein session information is generated for one or more attributes of the session; storing the information about the user in a data store of the access management system, wherein the information is associated with an identifier, and wherein the information includes user access information; sending, by the computer system, to the device, a response about the session that is established, wherein the response includes the session information, the identifier, and the user access information; receiving, at the computing system, from the device, a request for access to a resource, the request including the session information, the identifier, and the user access information; accessing, from the data store, based on the identifier and the user access information, the information about the user; determining, based on the session information and the information accessed from the data store, the session established for the user; based on authorization of the user to access the resource, providing the user at the device with access to the resource based on the determined session; updating the session information based on the access to the resource using the session; and sending, by the computer system, the updated session information to the device.

2. The method of claim 1, further comprising: receiving, by the computer system, from the device, a first request by the user to access the one or more resources at the device, wherein the request is a second request.

3. The method of claim 1, wherein the information about the user includes user identity information.

4. The method of claim 1, wherein the session information includes one or more of a list of partners accessed in session, an Internet protocol (IP) address of the device, an authentication level of the session, an authentication scheme of the session, an authentication timestamp of the session, or application domain information for one or more accessed resources using the session.

5. The method of claim 1, wherein the data store is implemented as a cache accessible in a distributed manner to the access management system.

6. The method of claim 1, wherein the response includes an access token, and wherein the request includes the access token sent in the response to the device.

7. The method of claim 1, wherein the identifier indicates an identification of the data store, and wherein the user access information includes a domain name of the user.

8. The method of claim 1, further comprising: based on the information accessed about the user, determining that access by the session is locked; and denying the user at the device with access to the resource based on the determined session.

9. The method of claim 1, wherein the request is a first request, wherein the session is a first session, wherein the device is a first device, wherein the session information is first session information, and wherein the method further comprises: establishing a second session for the user to access the resource at a second device; sending, by the computer system, to the second device, a response about the second session that is established, wherein the response includes second session information, the identifier, and the user access information; receiving, from the second device, a second request for access to the resource, the request including the second session information, the identifier, and the user access information; accessing, from the data store, based on the identifier and the user access information in the second request, the information about the user; determining, based on the second session information and the information accessed from the data store, the second session established for the user; based on authorization of the user to access the resource, providing the user at the second device with access to the resource based on the determined second session; updating the second session information based on the access to the resource using the second session; and sending, by the computer system, the updated second session information to the second device.

10. The method of claim 9, further comprising: determining, based on the information about the user, that access by the second session is locked; denying the user at the second device with access to the resource based on the determined second session.

11. The method of claim 1, wherein the request is a first request, wherein the resource is a first resource, and wherein the method further comprises: receiving, by the computer system, a second request by the user at the device to access a second resource, the second request including the session information, the identifier, and the user access information; accessing, from the data store, based on the identifier and the user access information in the second request, the information about the user; determining, based on the session information and the information accessed from the data store, the session established for the user; based on authorization of the user to access the second resource, providing the user at the device with access to the second resource based on the determined session; updating the session information based on the access to the second resource using the session; and sending, by the computer system, to the device, the updated session information based on the access to the second resource.

12. The method of claim 11, further comprising: determining that access to the second resource is based on additional authentication of the user; wherein the session information is updated for the second resource to indicate the additional authentication.

13. A system comprising: one or more processors; and a memory accessible to the one or more processors, the memory storing one or more instructions that, upon execution by the one or more processors, causes the one or more processors to: using information about the user obtained from an identity data store and based on authentication of the user for access to one or more resources, establish, by an access management system, a session for a user of a device to access one or more resources, wherein session information is generated for one or more attributes of the session; store the information about the user in a data store of the access management system, wherein the information is associated with an identifier, and wherein the information includes user access information; send, to the device, a response about the session that is established, wherein the response includes the session information, the identifier, and the user access information; receive, from the device, a second request for access to a resource, the request including the session information, the identifier, and the user access information; access, from the data store, based on the identifier and the user access information, the information about the user; determine, based on the session information and the information accessed from the data store, the session established for the user; based on authorization of the user to access the resource, provide the user at the device with access to the resource based on the determined session; update the session information based on the access to the resource using the session; and send the updated session information to the device.
Classification:

- CPC: based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- CPC: Access control lists [ACL]
- CPC: Entity profiles
- CPC: Session management (for real-time applications in data packet communications networks H04L65/1066)
- Mapped topic: Physics