
A method for user notification and session management for concurrent logins from a single web account

IP.com Disclosure Number: IPCOM000012889D
Original Publication Date: 2003-Jun-06
Included in the Prior Art Database: 2003-Jun-06
Document File: 4 page(s) / 50K

Publishing Venue

IBM

Abstract

Disclosed is a method by which a web server notifies the user of multiple logins and the potential problems they cause, and then manages sessions based on the user's decision.

This is the abbreviated version, containing approximately 62% of the total text.


Web applications are generally designed to handle concurrent access from multiple users. For a collective account (such as a family bank account), multiple owners/administrators may log in concurrently from different machines using the same user ID. For a single-user account, the user may log in with the same user ID from different browsers or machines before the previous logins are invalidated (by explicit user logoff or session timeout). Either case may lead to a discrepancy between the user session and the login session: a user session may effectively span several login sessions. Without the user being aware of it, this may cause session state to be overwritten for a collective account, or a potential security problem for a single-user account.

In this disclosure, the web server maintains a session table. Each entry in the table represents a single login and stores the session ID, the user ID, other session information such as creation time and last access time, and user agent information (such as host, browser type, encoding). For each successful new login, the web server checks the session table. If one or more entries (sessions) already exist for the user ID, the web server builds a notification page which contains the number of existing logins, activities (such as the first login time and last access time) and potential problems from further user action, and provides choices (such as "join existing sessio...
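
The session table and the check made on each successful login can be sketched as follows. This is an added example, not code from the disclosure: the class and method names, the 1800-second timeout and the in-memory dictionary are assumptions, and it stops at producing the data for the notification page because the list of user choices is cut off in this abbreviated text.

```python
import secrets
from dataclasses import dataclass

SESSION_TIMEOUT = 1800  # seconds; assumed value, not given in the disclosure


@dataclass
class SessionEntry:
    session_id: str
    user_id: str
    created: float      # creation time
    last_access: float  # last access time
    user_agent: dict    # e.g. host, browser type, encoding


class SessionTable:
    def __init__(self):
        self._entries = {}  # session_id -> SessionEntry, one per login

    def _live(self, user_id, now):
        # Purge logins invalidated by timeout, then return the user's remaining ones.
        for sid, e in list(self._entries.items()):
            if now - e.last_access > SESSION_TIMEOUT:
                del self._entries[sid]
        return [e for e in self._entries.values() if e.user_id == user_id]

    def register(self, user_id, user_agent, now):
        # Record a successful login under an unguessable session ID.
        e = SessionEntry(secrets.token_urlsafe(32), user_id, now, now, dict(user_agent))
        self._entries[e.session_id] = e
        return e

    def touch(self, session_id, now):
        self._entries[session_id].last_access = now

    def logoff(self, session_id):
        self._entries.pop(session_id, None)  # explicit logoff invalidates the entry

    def concurrent_login_notice(self, user_id, now):
        # Data for the notification page, or None if no other login exists.
        existing = self._live(user_id, now)
        if not existing:
            return None
        return {
            "existing_logins": len(existing),
            "first_login_time": min(e.created for e in existing),
            "last_access_time": max(e.last_access for e in existing),
            "user_agents": [e.user_agent for e in existing],
        }
```

Call `concurrent_login_notice` after credentials are verified and before `register`, so the notice describes only the logins that existed before the new one.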