When a user attempts to access a destination web site or server in a global distributed network, such as the Internet, a web server proxy (WSP) authenticates the user by presenting a login form and soliciting user credentials the first time the user attempts to access the destination web site. The WSP is a service that transparently proxies the destination web server and intercepts the requests from the user to the destination web site and forwards the requests to the destination web site, subject to authentication and access filters.
If the user provides the proper credentials, WSP authorizes an active session for that user, forwards the user's request(s) to the destination web site, and conveys any response received from the destination web site back to the user. The session may expire after some configurable time period of user inactivity, such that a subsequent request from the same user that is received after such time period requires authentication. WSP may also maintain a history of the user's failed authentication attempts, which may be due to providing invalid credentials, and lock out the user after some configurable number of failed login attempts.
In many situations it is desirable to cluster a number of WSPs so as to support more users than can be accommodated by a single WSP. To cluster WSPs, an instance of the service may run on two or more computers, which may be supported by a load balancer. Because a series of requests from one user most probably is handled by more than one node of the WSP cluster, the clustered WSPs should share session state information, which may consist of user authentication status or failed login attempts.
Currently, a centralized database or a session server is used for keeping track of the users session state information. When a cluster node receives a request from a user, the cluster node refers to the data base or the server to determine whether an active session has been established for the user or, otherwise, a failed login-attempt count is recorded for the user, as the case may be.
The problem with using a centralized database or session server for sharing users session state information is that if the database or the session server fails, the cluster cannot properly authenticate the user. That is, a user may be prematurely terminated, get to attempt more than the predetermined login-attempt limit, or have to provide unnecessary login credentials.
There is a need, therefore, for mechanisms to provide a cluster of WSP nodes and efficiently share user session state information among the WSP nodes.