The present invention relates generally to windows-based computer applications, and more particularly to a web user interface session and the sharing of session context information in such a session.
Today Web applications launched from a particular Web browser instance generally operate independently. They do not know about each other or share any common properties. For example, Common Gateway Interface (CGI) programs and Java applets get their environment from different sources. A CGI program is configured by passing it CGI tokens through the universal resource locator (URL) or querying the user. A Java applet is configured by Java applet parameters or querying the user. There is no common mechanism for sharing information across Web applications.
A current mechanism that can be used to share information across some Web applications is Web browser cookies. A named Web browser cookie can be shared by multiple CGI programs. While the Web browser cookie is an enabling mechanism, it is insufficient in itself due to some limitations. First, Web browser cookies are not directly accessible by Java applets. Second, many Web browsers have a per server limit on the number of Web browser cookies and the size of Web browser cookies (in order to avoid attacks from malicious programs); this puts a fixed upper limit on the amount of information that can be shared via Web browser cookies.
Two other aspects relevant to the concept of a Web session are missing from today""s situation. First, there is no program to initialize the session context information so that it can be inherited by other Web applications. Initializing the session context information may involve allowing the user to set session properties. Second, there is no unified login model to authenticate the user and determine the user""s access rights for the session. There are Web server-specific security mechanisms, but these do not provide authentication and authorization information to Web applications in a platform-independent manner.
It is therefore an object of the present invention to be able to initialize contextual environmental information of a Web user interface session so that it can be shared with other valid applications of the same Web user interface session.
Therefore, according to the present invention, a method for the sharing of session environment information between session applications during a Web user interface session is disclosed. The Web user interface session is initialized so as to allow certain session properties associated with a user, such as user name, user role, and locale, to be shared between all applications invoked during the Web user interface session. Application programming interfaces (APIs) are disclosed that provide access to the environmental information for both common gateway interface (CGI) programs as well as Java applets. The sharing of the environmental information between session applications allows a consistent user interface to be presented to the user during the session.
To accomplish this sharing of session properties between applications, the user first performs a login to the session during which the user name and password are entered by the user. If the user is validated, the Web user interface session is initiated and the session properties of the environment of the session are defined. An initial session application of the session is opened, based on the universal resource locator (URL) submitted by the user to the web browser to initiate the session. Any applications that are subsequently opened during the Web user interface session from the initial session application will share the session properties of the environment.
Session information is shared among Web applications through a session manager program that maintains the session properties that define the environment for the session. Common gateway interface (CGI) programs access these session properties by using interprocess communication (IPC) to make requests to the session manager program. Java applets access these session properties through a specific common gateway interface (CGI) program that returns the session properties in a specified format.
Communication with the session manager program to get session properties occurs as follows. The requesting session manager connects to a port on which the session manager program is listening. Next, the requesting session application provides a session number, a remote IP address of the session, and a request for the session properties to the session manager program. The session number is derived from a special Web browser cookie. If the session number and the remote IP address match those of the session, then the session manager program releases the session property information to the requesting session application.