Method and system for global logoff from a web-based point of contact server

US9800614B2 · US · B2

Patent metadata
Field               Value
Publication number  US-9800614-B2
Application number  US-75257607-A
Country             US
Kind code           B2
Filing date         May 23, 2007
Priority date       May 23, 2007
Publication date    Oct 24, 2017
Grant date          Oct 24, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method carried out at a point of contact (e.g., reverse proxy, a web server plug-in, or the like) that serves as an intermediary between a client browser and one or more back-end applications (or application component), wherein each back-end application has the capability to set its own server-side session management data with respect to the point of contact that is independent of any client-side session management data set by the point of contact and used by the point of contact to manage a user session. The method begins as a given back-end application returns a response to a first request that has been issued from the client browser (the first request having been received at the point of contact and passed to a back end application or component for processing). The point of contact intercepts the out-going response, augments server-side session management data associated therewith with a “stamp,” and forwards to the client browser the response together with the server-side session management data as augmented to include the stamp. The stamp provides a way for the point of contact to later determine whether the server-side session management data, if received with another user request, is valid for that request. Later, upon receipt at the point of contact of a new user request that includes the server-side session management data (and stamp), the point of contact uses the stamp to determine whether the new request is valid. If so, the point of contact removes the stamp from the server-side session management data and forwards the new request (and the management data) to the back-end application for handling.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method, operative at an apparatus, the apparatus comprising a processor, and computer memory holding computer program instructions that when executed by the processor comprise a point of contact that serves as an intermediary between a client browser and one or more back end applications, wherein each back-end application sets its own server-side session management data for the point of contact that is distinct from any client-side session management data set by the point of contact and used by the point of contact to manage a user session, the method comprising: as a back end application returns a response to a first request that has been issued from the client browser, associating with the server-side session management data a validity stamp that is different from the server-side session management data set by the back end application and is useful to determine validity of the server-side session management data if the server-side session management data and the validity stamp are later received in association with a new request, the validity stamp being generated in part using a value that is one of: a unique identifier, and a pseudorandom number, the value being associated with a user session during which the first request is received, forwarding to the client browser the response together with the server-side session management data and the validity stamp, and saving the value for as long as the user session at the point of contact exists; and upon receipt of the new request that has associated therewith the server-side session management data and the validity stamp, determining (i) whether the validity stamp can be re-generated at least in part because the value is still saved at the point of contact and (ii) whether if re-generated the validity stamp is valid, and, if valid, removing the validity stamp from the server-side session management data and forwarding to the back-end application the new request, together with the server-side session management data.

2. The method as described in claim 1 wherein the server-side session management data is a data string set by a back-end application, and the validity stamp is derived as a given function of the data string.

3. The method as described in claim 2 wherein the given function is a hash of the data string concatenated with the value.

4. The method as described in claim 3 wherein the value is a one-time use value associated with the user session initiated from the client browser.

5. The method as described in claim 3 wherein the step of determining whether the validity stamp is valid evaluates whether the stamp can be re-created from the data string and the value for the user session.

6. The method as described in claim 1 wherein the point of contact is a reverse proxy.

7. The method as described in claim 1 wherein the point of contact is a server plug-in.

8. The method as described in claim 1 wherein the validity stamp is derived as a concatenation of the server-side session management data together with a cryptographic hash of given information, the given information being a serial encoding of the server-side session management data concatenated with the value.

9. A method, operative at an apparatus, the apparatus comprising a processor and computer memory holding computer program instructions that when executed by the processor comprise a point of contact that serves as an intermediary between a client browser and a one or more back end applications, wherein each back-end application sets its own server-side session management data for the point of contact that is distinct from any client-side session management data set by the point of contact and used by the point of contact to manage a user session initiated from the client browser, wherein server-side session management data is reuseable by a second end user through the client browser after a first end user has logged off, the method comprising: as the first end user interacts with the back end application during the user session, associating a validity stamp with the server-side session management data returned from the point of contact, the validity stamp being different from the server-side session management data set by the back end application and is useful to determine validity of the server-side session management data if the server-side session management data and the validity stamp are later received in association with a request from the second end user, the validity stamp being generated in part using a value that is one of: a unique identifier, and a pseudorandom number, the value being associated with the user session, the value being saved for as long as the user session with the first end user at the point of contact exists; and as the second end user interacts with the back end application after the first end user has logged off, using the validity stamp to determine whether the second user obtains access to the first end user's resources at the back-end application by (i) determining whether the validity stamp can be re-generated at least in part because the value is still saved at the point of contact and (ii) determining whether the validity stamp, if re-regenerated, is valid.

10. Apparatus, comprising: a manager component that serves as an intermediary between a client browser and one or more back end applications, wherein each back end application has the capability to set its own server-side session management data; and a computer readable medium having program code executed by a processor to perform the following method steps: as a back end application returns a response to a first request that has been issued from the client browser, associating with the server-side session management data a validity stamp that is different from the server-side session management data set by the back end application and is useful to determine validity of the server-side session management data if the server-side session management data and the validity stamp are later received in association with a new request, the validity stamp being generated in part using a value that is one of: a unique identifier, and a pseudorandom number, the value being associated with a user session during which the first request is received, forwarding to the client browser the response together with the server-side session management data and the validity stamp, and saving the value for as long as the user session at the point of contact exists; and upon receipt of the new request that has associated therewith the server-side session management data and the validity stamp, determining (i) whether the validity stamp can be re-generated at least in part because the value is still saved at the point of contact and (ii) whether if re-generated the validity stamp is valid and, if valid, removing the validity stamp from the server-side session management data and forwarding to the back-end application the new request, together with the server-side session management data.

11. The apparatus as described in claim 10 wherein the server-side session management data is a session cookie set by a back-end application, and the validity stamp is derived as a given function of the session cookie.

12. The apparatus as described in claim 11 wherein the given function is a hash of the session cookie concatenated with the value.

13. The apparatus as described in claim 12 wherein the value is a one-time use value associated with the user session initiated from the client browser.

14. The apparatus as described in claim 12 wherein the step of determining whether the validity stamp is valid evaluates whether the stamp can be re-crea
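The stamping flow described in the abstract and the claims above, as an added worked example in Python (not code from the patent or from any product): the point of contact keeps one pseudorandom value per browser session for exactly as long as that session exists, appends to every back-end Set-Cookie a stamp derived from the cookie value and that secret, and on each later request re-generates the stamp, compares it, strips it and forwards only the original cookie. The cookie names `poc_session` and `JSESSIONID`, the `~` separator, and the use of HMAC-SHA256 keyed with the per-session value (where the claims speak of a hash of the cookie data concatenated with the value) are choices of this example; so is rejecting back-end cookies that carry no stamp at all, which the patent text does not address.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

STAMP_SEP = "~"             # assumption: delimiter between cookie value and stamp
STAMP_HEX_LEN = 64          # length of a hex SHA-256 digest
POC_COOKIE = "poc_session"  # hypothetical name of the point of contact's own cookie


def _parse_cookie_header(header: str) -> Dict[str, str]:
    """Split a request Cookie: header into a name -> value map (order kept)."""
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        name, eq, value = part.strip().partition("=")
        if eq:
            cookies[name.strip()] = value.strip()
    return cookies


class PointOfContact:
    """Reverse proxy that stamps back-end session cookies per user session."""

    def __init__(self) -> None:
        # PoC session id -> secret value, saved for as long as the session exists
        self._values: Dict[str, bytes] = {}

    def login(self) -> str:
        sid = secrets.token_urlsafe(16)
        self._values[sid] = secrets.token_bytes(32)  # pseudorandom per-session value
        return sid

    def logoff(self, sid: str) -> None:
        # Global logoff: once the value is gone no stamp can be re-generated,
        # so every back-end cookie stamped under this session becomes unusable.
        self._values.pop(sid, None)

    @staticmethod
    def _stamp(cookie_value: str, value: bytes) -> str:
        # Claims 3/8 describe a hash over the cookie data concatenated with the
        # value; this example uses HMAC-SHA256 keyed with the value instead.
        return hmac.new(value, cookie_value.encode(), hashlib.sha256).hexdigest()

    def on_backend_set_cookie(self, sid: str, set_cookie: str) -> str:
        """Intercept a back-end Set-Cookie and append the stamp to its value."""
        value = self._values[sid]  # KeyError if no live session: nothing to stamp
        name_value, sep, attrs = set_cookie.partition(";")
        name, _, cookie_value = name_value.partition("=")
        cookie_value = cookie_value.strip()
        stamped = f"{cookie_value}{STAMP_SEP}{self._stamp(cookie_value, value)}"
        return f"{name.strip()}={stamped}{sep}{attrs}"

    def on_client_request(self, sid: Optional[str], cookie_header: str) -> Tuple[str, List[str]]:
        """Check each stamped back-end cookie; return (Cookie header to forward, rejected names)."""
        forwarded: Dict[str, str] = {}
        rejected: List[str] = []
        value = self._values.get(sid) if sid else None
        for name, raw in _parse_cookie_header(cookie_header).items():
            if name == POC_COOKIE:
                continue  # the PoC's own session cookie never reaches the back end
            cookie_value, has_sep, tag = raw.rpartition(STAMP_SEP)
            if not has_sep or len(tag) != STAMP_HEX_LEN:
                rejected.append(name)  # unstamped/malformed: not issued through this PoC
            elif value is None:
                rejected.append(name)  # (i) value no longer saved: cannot re-generate
            elif not hmac.compare_digest(self._stamp(cookie_value, value), tag):
                rejected.append(name)  # (ii) re-generated stamp does not match
            else:
                forwarded[name] = cookie_value  # valid: strip stamp, forward original
        return "; ".join(f"{k}={v}" for k, v in forwarded.items()), rejected


def demo() -> Dict[str, object]:
    """Claim-9 scenario: two users share one browser; the second must not inherit
    the first user's back-end session through a lingering stamped cookie."""
    poc = PointOfContact()
    sid1 = poc.login()
    # constructed sample response header from a back-end application
    out = poc.on_backend_set_cookie(sid1, "JSESSIONID=ABC123.node1; Path=/; HttpOnly")
    stamped = out.split(";")[0].split("=", 1)[1]
    ok_fwd, ok_rej = poc.on_client_request(sid1, f"{POC_COOKIE}={sid1}; JSESSIONID={stamped}")
    # altering the back-end value while keeping the old stamp must fail check (ii)
    tampered = "XYZ999" + stamped[len("ABC123"):]
    tam_fwd, tam_rej = poc.on_client_request(sid1, f"{POC_COOKIE}={sid1}; JSESSIONID={tampered}")
    poc.logoff(sid1)
    # replaying the stamped cookie after logoff fails check (i): the value is gone
    gone_fwd, gone_rej = poc.on_client_request(sid1, f"{POC_COOKIE}={sid1}; JSESSIONID={stamped}")
    # a second user logs in from the same browser: different value, so check (ii) fails
    sid2 = poc.login()
    two_fwd, two_rej = poc.on_client_request(sid2, f"{POC_COOKIE}={sid2}; JSESSIONID={stamped}")
    return {
        "first_user_forwarded": ok_fwd, "first_user_rejected": ok_rej,
        "tampered_forwarded": tam_fwd, "tampered_rejected": tam_rej,
        "after_logoff_forwarded": gone_fwd, "after_logoff_rejected": gone_rej,
        "second_user_forwarded": two_fwd, "second_user_rejected": two_rej,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

`demo()` walks the two failure paths the claims distinguish: after the first user's logoff the value is gone, so the stamp cannot be re-generated at all (check i); the second user's fresh session has its own value, so a re-generated stamp no longer matches (check ii). In both cases the stale `JSESSIONID` is dropped rather than forwarded, and the back end starts a new session instead of resuming the first user's. The stamp binds a back-end cookie to the point-of-contact session; it does not on its own protect against an attacker who captures both cookies while that session is still live.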

Assignees

Inventors

Classifications

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title

  • using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807) · CPC title

  • Database cache management · CPC title

  • Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor · CPC title

  • Ensuring data consistency and integrity · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9800614B2 cover?
A method carried out at a point of contact (e.g., reverse proxy, a web server plug-in, or the like) that serves as an intermediary between a client browser and one or more back-end applications (or application component), wherein each back-end application has the capability to set its own server-side session management data with respect to the point of contact that is independent of any client-…
Who is the assignee on this patent?
Hinton Heather Maria, Moran Anthony Scott, Harmon Benjamin Brewer, and 1 more
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date Oct 24, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).