Pluggable authorization policies
US-2015089571-A1 · Mar 26, 2015 · US
US9866640B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9866640-B2 |
| Application number | US-201414491076-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 19, 2014 |
| Priority date | Sep 20, 2013 |
| Publication date | Jan 9, 2018 |
| Grant date | Jan 9, 2018 |
Official abstract text for this publication.
An enterprise software system access manager saves cookies for users' sessions on client devices but creates server-side sessions on the fly when needed for the users to access certain features, when there is a constraint on the client device, or due to application policies. The server-side session objects can have references to the client-side cookies and can have key-value pairs added to them instead of the associated cookie.
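The flow in the abstract and claim 1, as an added Python sketch that is not code from the patent or from any product: a signed cookie carries the session until a feature's policy (concurrent-user limit, time limit, or state too large for the client) calls for a server-side session object that records the cookie's identifier. The HMAC cookie format, the `max_users`/`max_age` policy keys, the 4096-byte client limit, and all names are assumptions made for illustration.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field

KEY = secrets.token_bytes(32)  # assumption: cookie is HMAC-signed with a server-held key
CLIENT_LIMIT = 4096            # assumption: bytes of state the client device can hold

def _tag(body):
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user):  # after authentication; creates no server-side state
    body = f"{secrets.token_hex(8)}.{user}"
    return f"{body}.{_tag(body)}"

def verify_cookie(cookie):  # returns the cookie identifier, or None if tampered
    body, _, tag = cookie.rpartition(".")
    ok = hmac.compare_digest(tag.encode(), _tag(body).encode())
    return body.partition(".")[0] if ok else None

@dataclass
class ServerSession:
    cookie_id: str                            # reference to the client-side cookie
    created: float                            # caller-supplied clock, in seconds
    data: dict = field(default_factory=dict)  # key-value pairs kept off the cookie

class AccessManager:
    def __init__(self, policies):
        self.policies = policies  # feature -> {"max_users": n, "max_age": seconds}
        self.sessions = {}        # (feature, cookie_id) -> ServerSession

    def access(self, cookie, feature, now, state=None):
        state = state or {}
        cookie_id = verify_cookie(cookie)
        if cookie_id is None:
            return "denied"
        policy = self.policies.get(feature, {})
        if not policy and len(repr(state)) <= CLIENT_LIMIT:
            return "cookie-only"              # the cookie alone is sufficient
        key, ttl = (feature, cookie_id), policy.get("max_age", float("inf"))
        sess = self.sessions.get(key)
        if sess and now - sess.created > ttl:
            del self.sessions[key]
            return "expired"                  # time limit on the session reached
        if sess is None:                      # create the session on the fly
            live = sum(1 for (f, _), s in self.sessions.items()
                       if f == feature and now - s.created <= ttl)
            if live >= policy.get("max_users", float("inf")):
                return "denied"               # concurrent-user limit reached
            sess = self.sessions[key] = ServerSession(cookie_id, now)
        sess.data.update(state)               # state goes server-side, not in cookie
        return "server-session"
```

Because the server-side object is keyed by the cookie identifier, per-feature limits can be enforced and state stored without reissuing or enlarging the cookie.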
Opening claim text (preview).
What is claimed is:

1. A method for managing sessions in an enterprise environment, the method comprising: based on authenticating a client device to access a first application in a computing environment, generating, by a computer system of an access management system, a session cookie that enables the client device to access a feature of a first application in the computing environment, wherein access to the feature of the first application is enabled without establishing a server-based session for the client device in the computing environment; sending the session cookie to the client device, wherein the client device stores the session cookie to enable the client device to access the feature of the first application; receiving, at the computer system, a request for the client device to access a feature of a second application in the computing environment; determining, with one or more processors associated with the computer system, whether access to the feature of the second application is dependent on establishing a server-side session for the client device in the computing environment; based on determining that the client device is authenticated to access the second application according to the session cookie and based on determining that access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment, instantiating, with the one or more processors associated with the computer system, a server-side session object to establish the server-side session for the client device in the computing environment, wherein the server-side session object enables the client device to access the feature of the second application in the computing environment; updating, with the one or more processors associated with the computer system, the server-side session object to include an identifier associated with the session cookie that is stored on the client device; generating with the one or more processors associated with the computer system, a response to the request based on enabling access to the feature of the second application using the server-side session object; and sending the response to the client device.
2. The method of claim 1 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment comprises determining whether access to the feature of the second application is controlled based on a configurable policy.
3. The method of claim 2 wherein the configurable policy includes a security policy.
4. The method of claim 2 wherein the configurable policy includes a resource usage policy.
5. The method of claim 1 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment comprises determining that access to the feature of the second application is based on a limit of concurrent users accessing the feature of the second application.
6. The method of claim 1 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment comprises determining that access to the feature of the second application is based on a time limit on a session for accessing the feature of the second application.
7. The method of claim 1 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment comprises determining that access to the feature of the second application is based on an amount of data to be stored for the feature of the second application and an amount of memory available on the client device.
8. The method of claim 1 further comprising: updating, with the one or more processors associated with the computer system, the server-side session object with state information associated with the feature of the second application.
9. A non-transitory computer-readable medium storing a computer program product which, when executed by a processor of a computer system, causes the processor to: based on authenticating a client device to access a first application in a computing environment, generate, by an access management system, a session cookie that enables the client device to access a feature of a first application in a computing environment, wherein access to the feature of the first application is enabled without establishing a server-based session for the client device in the computing environment; send the session cookie to the client device, wherein the client device stores the session cookie to enable the client device to access the feature of the first application; receive a request for the client device to access a feature of a second application in the computing environment; determine whether access to the feature of the second application is dependent on establishing a server-side session for the client device in the computing environment; based on determining that the client device is authenticated to access the second application according to the session cookie and based on determining that access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment, instantiate a server-side session object to establish the server-side session for the client device in the computing environment, wherein the server-side session object enables the client device to access the feature of the second application in the computing environment; update the server-side session object to include an identifier associated with the session cookie that is stored on the client device; generate a response to the request based on enabling access to the feature of the second application using the server-side session object; and send the response to the client device.
10. The non-transitory computer-readable medium of claim 9 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment includes determining whether access to the feature of the second application is controlled based on a configurable policy.
11. The non-transitory computer-readable medium of claim 10 wherein the configurable policy includes a security policy.
12. The non-transitory computer-readable medium of claim 10 wherein the configurable policy includes a resource usage policy.
13. The non-transitory computer-readable medium of claim 9 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment includes determining that access to the feature of the second application is based on a limit of concurrent users accessing the feature of the second application.
14. The non-transitory computer-readable medium of claim 9 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment includes determining that access to the feature of the second application is based on a time limit on a session for accessing the feature of the second application.
15. The non-transitory computer-readable medium of claim 9 wherein determining whether access to the feature of the second application is dependent on establishin
Session management (for real-time applications in data packet communications networks H04L65/1066) · CPC title
Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding · CPC title
using one-time-passwords · CPC title
providing single-sign-on or federations · CPC title
Migration or transfer of sessions · CPC title