1. Field
The present disclosure relates generally to network data processing systems and more specifically to application servers. Still more particularly, the present disclosure relates to renewal of user identification information at an application server.
2. Description of the Related Art
An application server is a software framework that provides an environment for a client device to use an application. The client device can access the application server over a network connection. The client device may be able to use the application to perform a transaction regardless of the location of the client.
The application server can be implemented on a number of different hardware devices. For example, the application server may consist of several server computers at different locations. Different parts of a transaction may be performed by different server computers. In order to maintain security and track a user's transaction, the application server may require the user to authenticate. For example, the user may enter a user identifier and password. The application server then creates a representation of the user from information about the user. The application server uses the representation of the user to associate the user with the transaction. The application server maintains the representation of the user for the duration of the transaction. The representation of the user can be passed to the different server computers that perform the transaction.
Additionally, when the user authenticates to the application server, the application server may return a token to the user's device. When the user's device sends a request to the application server, the user's device includes the token in the request. The token allows the server computer that receives the request to identify the user without requiring the user to re-authenticate. The token allows the user to remain logged in to more than one server computer. The user has been authenticated to the application server. Thus, even though the application server may consist of several server computers at different locations, the application server appears to the user as a single server computer.
However, if an unauthorized user gains access to the user's device, the unauthorized user may be able to use the token to access the application server. Additionally, the information about the user may change over time. Thus, the representation of the user maintained at the application server may be inaccurate.
Accordingly, it would be advantageous to have a method and apparatus that take into account one or more of the issues discussed above, as well as possibly other issues.
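The following Python example is added here and is not part of the original disclosure. It shows any server computer identifying the user from the token alone, and a held representation of the user going out of date once the user's information changes. The HMAC token format, `SHARED_KEY`, `DIRECTORY` and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Everything here is constructed for illustration (assumptions, not from the page).
SHARED_KEY = b"constructed-demo-key"  # held by every server computer
DIRECTORY = {"alice": {"groups": ["admins", "finance"]}}  # current user information


def _mac(user_id, issued_at):
    msg = f"{user_id}|{issued_at}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def login(user_id, issued_at):
    """After a successful password check (assumed), return (token, representation)."""
    representation = {"user": user_id, "groups": list(DIRECTORY[user_id]["groups"])}
    return f"{user_id}|{issued_at}|{_mac(user_id, issued_at)}", representation


def identify(token):
    """Any server computer holding SHARED_KEY identifies the user from the token alone."""
    try:
        user_id, issued_at, mac = token.split("|")
        expected = _mac(user_id, int(issued_at))
        ok = hmac.compare_digest(mac.encode(), expected.encode())
    except ValueError:
        return None  # malformed token
    return user_id if ok else None


def update_user(user_id, groups):
    """Simulate the user's information changing after login."""
    DIRECTORY[user_id] = {"groups": list(groups)}


def stale_fields(representation):
    """Return the differences between a held representation and current information."""
    current = DIRECTORY.get(representation["user"])
    if current is None:
        return {"user": (representation["user"], None)}
    held, now = sorted(representation["groups"]), sorted(current["groups"])
    return {} if held == now else {"groups": (held, now)}


if __name__ == "__main__":
    token, rep = login("alice", issued_at=1700000000)
    update_user("alice", ["finance"])  # information changes mid-transaction
    print(identify(token))     # token still identifies the user
    print(stale_fields(rep))   # held representation no longer matches
```

The token is accepted from whoever presents it, and nothing in `identify` consults current user information, which are the two issues the passage above raises.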