Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing
Reexamination Certificate
1999-06-30
2003-04-29
Voeltz, Emanuel Todd (Department: 2758)
C709S228000
active
06557038
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates generally to an improved data processing system and in particular to a method and apparatus for maintaining session states. Still more particularly, the present invention relates to a method and apparatus for handling session states over a distributed data processing system in which the protocol used is a stateless protocol.
2. Description of Related Art
The Internet, also referred to as an “internetwork”, is a set of computer networks, possibly dissimilar, joined together by means of gateways that handle data transfer and the conversion of messages from the sending network to the protocols used by the receiving network (with packets if necessary). When capitalized, the term “Internet” refers to the collection of networks and gateways that use the TCP/IP suite of protocols.
The Internet has become a cultural fixture as a source of both information and entertainment. Many businesses are creating Internet sites as an integral part of their marketing efforts, informing consumers of the products or services offered by the business or providing other information seeking to engender brand loyalty. Many federal, state, and local government agencies are also employing Internet sites for informational purposes, particularly agencies which must interact with virtually all segments of society such as the Internal Revenue Service and secretaries of state. Providing informational guides and/or searchable databases of online public records may reduce operating costs. Further, the Internet is becoming increasingly popular as a medium for commercial transactions.
Currently, the most commonly employed method of transferring data over the Internet is to employ the World Wide Web environment, also called simply “the Web”. Other Internet resources exist for transferring information, such as File Transfer Protocol (FTP) and Gopher, but have not achieved the popularity of the Web. In the Web environment, servers and clients effect data transaction using the Hypertext Transfer Protocol (HTTP), a known protocol for handling the transfer of various data files (e.g., text, still graphic images, audio, motion video, etc.). Information is formatted for presentation to a user by a standard page description language, the Hypertext Markup Language (HTML). In addition to basic presentation formatting, HTML allows developers to specify “links” to other Web resources identified by a Uniform Resource Locator (URL). A URL is a special syntax identifier defining a communications path to specific information. Each logical block of information accessible to a client, called a “page” or a “Web page”, is identified by a URL. The URL provides a universal, consistent method for finding and accessing this information, not necessarily for the user, but mostly for the user's Web “browser”. A browser is a program capable of submitting a request for information identified by a URL at the client machine. Retrieval of information on the Web is generally accomplished with an HTML-compatible browser. The Internet also is widely used to transfer applications to users using browsers. With respect to commerce on the Web, individual consumers and businesses use the Web to purchase various goods and services. In offering goods and services, some companies offer goods and services solely on the Web while others use the Web to extend their reach.
Internet workstations are connectionless-oriented socket clients or applications that connect to a server only long enough to retrieve an installment of data. Once the data is retrieved, connectionless-oriented socket applications generally disconnect until the next data transaction is initiated by the client. Connection-oriented applications assume that the client maintains the connection to the server for the duration of the session. The client only disconnects when the session is being ended.
With connection-oriented applications, the identity and synchronization of both the client and server are known to both sides of the connection. Thus, it is taken for granted that the client is trusted and the data exchange is synchronized (in particular, the “current” or “active” application panel is known).
However, in connectionless-oriented applications, the class of service to which the Hypertext Transfer Protocol (HTTP) belongs, this connection is not maintained, and thus the identity and synchronization of either the client or server, or both, may change without the other side knowing. This has the potential to result in “out-of-sync” data exchanges, and it is not known whether the reconnecting client was the original session initiator. This could “break” an application or expose sensitive data to another, unauthorized client. Consequently, a need is present in the art to assure that once an application is started with a given web browser, another browser cannot come along and connect or “spoof” (that is, steal, or take over) that browser's connection and application.
HTTP is inherently a stateless protocol. As a result, a mechanism is used to keep the state for an application on a server. A common mechanism involves storing the session state for a fixed period of time. Typically, a daemon process checks the session state periodically. If the session state is older than a certain threshold, the session state is deleted. Problems are associated with such a mechanism in that if the threshold is too long, a security hole may occur. Alternatively, if the threshold is too short, the user must continually re-logon or reinitiate the session.
Therefore, it would be advantageous to have an improved method and apparatus for maintaining a session state over a stateless protocol, such as HTTP. It would be advantageous to have a method and apparatus to maintain a session state for as long as the user has the page up in the user's browser.
SUMMARY OF THE INVENTION
A method in a data processing system for maintaining a session through a stateless protocol. A page is received from a source through the stateless protocol. Responsive to a display of the page in the data processing system, an indication is sent to the source through the connectionless protocol in response to a periodic event, wherein the indication prevents a termination of the session at the source.
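The idle-threshold cleanup described in the background and the periodic indication described in the summary can be sketched together on the server side. This is an added example, not code from the patent; `SessionStore`, its method names, the 60-second threshold and the 30-second heartbeat interval are all assumptions made for illustration.

```python
import secrets


class SessionStore:
    """In-memory session table with an idle threshold (hypothetical names)."""

    def __init__(self, idle_threshold, clock):
        self.idle_threshold = idle_threshold  # seconds a session may go unseen
        self.clock = clock                    # injectable time source (assumption)
        self._last_seen = {}                  # token -> time of last request/heartbeat

    def create(self):
        token = secrets.token_urlsafe(32)     # unguessable session identifier
        self._last_seen[token] = self.clock()
        return token

    def is_live(self, token):
        seen = self._last_seen.get(token)
        return seen is not None and self.clock() - seen <= self.idle_threshold

    def heartbeat(self, token):
        """Periodic indication from a displayed page; never revives a dead session."""
        if not self.is_live(token):
            self._last_seen.pop(token, None)
            return False
        self._last_seen[token] = self.clock()  # reset the idle timer
        return True

    def reap(self):
        """The daemon's periodic pass: delete state older than the threshold."""
        now = self.clock()
        stale = [t for t, seen in self._last_seen.items()
                 if now - seen > self.idle_threshold]
        for token in stale:
            del self._last_seen[token]
        return len(stale)


def demo():
    now = [0.0]                                # constructed clock, no real sleeping
    store = SessionStore(60, lambda: now[0])
    open_page = store.create()                 # page stays displayed, sends heartbeats
    closed_page = store.create()               # page closed at once, sends none
    for _ in range(4):                         # 120 s pass, one heartbeat every 30 s
        now[0] += 30
        store.heartbeat(open_page)
    reaped = store.reap()
    return store.is_live(open_page), store.is_live(closed_page), reaped
```

Because the heartbeat keeps resetting the idle timer, the threshold can be short: the session of a closed page is deleted soon after its last indication, while the displayed page never has to log on again.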
Becker Craig Henry
McClain Matthew Dale
Dawkins Marilyn Smith
Todd Voeltz Emanuel
Yee Duke W.