The present invention relates to a technique for managing sessions. The present invention more specifically relates to a technique for managing a session established between a client apparatus and each of a plurality of server apparatuses.
In recent years, a Single Sign-On (SSO) authentication system implemented by a reverse proxy server has been used. In the SSO authentication system, a reverse proxy server acting as a proxy for a plurality of server apparatuses collectively processes authentication requests received from a client apparatus. When the authentication is successful, a session between the client apparatus and each of the plurality of servers are established. As described, in the SSO authentication system, the user can access every one of the plurality of server apparatuses by performing a login operation only once (refer to paragraph 0219 of Japanese Patent Application Publication No. 2005-11098, for example).
In the SSO authentication system, it is preferable that the authentication statuses respectively of the plurality of server apparatuses should be in synchronization. In a system including a plurality of server apparatuses operating in a coordinated manner, for example, an unexpected error may occur when a session is disconnected in a server apparatus, that is, when a session is disconnected only in a part of the system. However, when a system is to be built taking into consideration various combinations of authentication statuses are, the amount of work and costs associated with the development of the system adversely increases.
In the meantime, an existing server apparatus, itself, is provided with a function to disconnect a session, such as time-out detection and log-out detection, in many cases. Specifically, the user himself or herself disconnects a session with each server apparatus by logging out from the server, or each server apparatus can disconnect a session by use of the time-out detection function. For this reason, when such server apparatuses are used without any modification in the SSO authentication system, the inconsistency of authentication statuses may occur.
For this reason, the existing server apparatus cannot be used as it is for the implementation of an SSO authentication system, so that a different server dedicated for the system needs to be developed, or some functions of the existing server apparatus needs to be modified.
In this regard, an object of the present invention is to provide a system, a method and a program that are capable of solving the aforementioned problem. The object is achieved by combining the features recited in the independent claims of the scope of claims. In addition, the dependent claims define more advantageous specific examples of the present invention.