System and Method for keeping session alive across multiple servers

IP.com Disclosure Number: IPCOM000236640D
Publication Date: 2014-May-07
Document File: 7 page(s) / 245K

Publishing Venue

The IP.com Prior Art Database

Abstract

This article describes a way to synchronize session lifecycles of different web applications.

This is the abbreviated version, containing approximately 37% of the total text.

In an SSO environment, a group of applications may run on different servers while sharing the same user authentication system, so that the end user only needs to log in once to access all of the applications. In many cases, these related applications are combined in one portal and appear to the end user as a single application. For example, in a centralized HR management portal, the vacation subsystem and the hiring subsystem might run on different application servers while appearing to the user as one app.

However, the session lifecycles of these applications are not synchronized. There are cases where a user keeps actively using app A while his session times out on app B. Because apps A and B appear to the user to be parts of one big app, this unexpected session timeout is confusing.

Another piece of prior art that addresses the problem is: http://www.google.com.hk/patents/EP2320601A1?cl=en&dq=session+timeout&hl=zh-CN&sa=X&ei=pGe5Uf2dDsHP0wHF-4GwCA&ved=0CDYQ6AEwAA

It adapts the session timeout value dynamically, as follows:


1. First, it regularly counts all user connections to the site, e.g. 15000 users have connected since the last check.

2. Second, it counts all sessions that have timed out since the last check.

3. It divides the number of timed-out sessions by the total number of connected users to get a rate of timed-out users.

4. This rate is then compared with a predefined value like 5-10%, if it

10% (upper bound), the server will change the time out setting to a longer one.

This invention describes a way to keep track of the active users for a group of related applications running on different servers, and to propagate the active-user info to downstream servers to keep the respective sessions active.
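A minimal sketch of the proxy-side tracking described above, as an added example that is not code from the disclosure. The class and method names, the 1800-second timeout and the 60-second margin are assumptions, and how a refresh is delivered to a downstream server is left out.

```python
from dataclasses import dataclass, field

@dataclass
class ActivityTracker:
    """Proxy-side record of user activity for a group of related apps."""
    apps: tuple            # downstream app names behind the proxy
    timeout: float         # session idle timeout in seconds (assumed equal on all apps)
    margin: float = 60.0   # refresh a session this long before it would expire
    last_user: dict = field(default_factory=dict)   # user -> last real request
    last_touch: dict = field(default_factory=dict)  # (user, app) -> last session touch

    def on_request(self, user, app, now):
        """Record a real user request that the proxy forwarded to `app`."""
        self.last_user[user] = now
        self.last_touch[(user, app)] = now

    def due_keepalives(self, now):
        """Return the (user, app) sessions to refresh and mark them refreshed."""
        due = []
        for user, seen in list(self.last_user.items()):
            if now - seen >= self.timeout:
                # Idle on every app: forget the user so all sessions expire normally.
                del self.last_user[user]
                for app in self.apps:
                    self.last_touch.pop((user, app), None)
                continue
            for app in self.apps:
                touched = self.last_touch.get((user, app))
                if touched is None:
                    continue  # no session on this app yet, nothing to keep alive
                if now - touched >= self.timeout - self.margin:
                    due.append((user, app))
                    # A refresh touches the app session but is not user activity,
                    # so last_user is left alone and refreshes cannot self-sustain.
                    self.last_touch[(user, app)] = now
        return sorted(due)

if __name__ == "__main__":
    # Constructed timeline: alice opens both apps, then only uses "vacation".
    t = ActivityTracker(apps=("vacation", "hiring"), timeout=1800)
    t.on_request("alice", "vacation", 0)
    t.on_request("alice", "hiring", 0)
    t.on_request("alice", "vacation", 1000)
    print(t.due_keepalives(1740))  # hiring is close to expiry, alice is active
    print(t.due_keepalives(2800))  # alice idle for a full timeout: nothing refreshed
```

In this sketch a downstream session can outlive the user's last real request by up to almost twice the timeout, because a refresh issued just before the user goes idle restarts that app's full idle timer.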

There are already several session persistence or session replication technologies available. For session persistence, in a server cluster, we could use a distributed cache system to hold all session data for each node in the cluster, thus the entire server cluster will share the same session data.

For session replication, in a server cluster, all nodes will replicate session data with each other on a regular basis.

However, neither session replication nor session persistence can solve the problem described above. First, session replication requires that the server nodes actually run the same application on the same type of application server, whereas in this scenario we need a solution that can synchronize different applications on different types of application servers. Second, session replication consumes significantly more memory, which is too expensive if we only want to keep the session lifecycles of two servers synchronized.

Reverse Proxy to keep track of user access info
This invention will add a reverse proxy server component in today's SSO environment. The reverse proxy server could be implemented as part of the common reverse proxy implementa...