1. Field of the Invention
The present invention relates generally to authentication, and more particularly to a method, system, and computer-readable storage medium for establishing a login session.
2. Description of the Related Art
Modern computing systems often employ security measures to prevent breaches of the computing system. For example, computing systems may require users to be authenticated before granting them access to one or more resources of the computing system. Authentication may include the computing system prompting the user to provide a credential in order to log in to the computing system. The authentication may be based on a username and password, a smart card and personal identification number (PIN), or other information associated with the user. Once logged in to the computing system, the user has access to one or more resources of the computing system.
However, while secure authentication mechanisms can reduce the risk of unauthorized access to protected resources, those authentication mechanisms may become barriers hindering authorized users from accessing protected resources. Users may desire the ability to change from interacting with one application to another application without regard to authentication barriers that protect each particular system supporting those applications. In order to reduce such burdens on authorized users while maintaining system security, some computing systems have implemented single sign-on mechanisms.
In systems with single sign-on capability, a user provides a credential once and gains access to multiple computing systems without providing their credential again, even though each computing system requires the user to be authenticated. For example, a user may provide a credential only once and gain access both to resources of a computing device and to resources of an application associated with the computing device even though both the computing device and the application independently require the user to be authenticated before granting the user access to resources of the respective systems.
In the above example, a user provides the credential once and is logged in to the computing device and the application. In some scenarios, an event may cause the login session to end for the application but not cause the login session to end for the computing device. That is, the user remains logged in to the computing device but is logged out of the application associated with the computing device.
In conventional systems, once logged out of the application, the user needs to again provide a credential in order to log back in to the application. For example, the application may prompt the user to provide a credential when the user tries to access the application, even though the user remains logged in to the computing device.
In some cases, the user may need to manually log out of the computing device and log back in to the computing device and application in the same manner the user initially logged in. For example, in a case that the login session on the computing device is maintained by a smart card remaining in a smart card reader, the user cannot log back in to the application unless the user first logs out of the computing device (by removing the smart card from the smart card reader) and then logs back in to the computing device and application by re-inserting the smart card in the smart card reader.
These interruptions and repetitive communications can diminish the efficiency and quality of the user's interaction with such conventional systems.