The present invention relates to the field of client-server protocols. More specifically, one embodiment of the invention provides for seamless migration of a session from one independent cooperating server node to another.
The global Internet has emerged as a model of a distributed network of networks. One application for which the Internet is increasingly used is to interconnect hypertext transfer protocol (HTTP) servers to clients. The hypertext transfer protocol is used to serve documents containing hypertext references to client "browsers" on client systems connected to the Internet. The documents served by an HTTP server will often have hypertext references embedded in the document which refer to documents on the HTTP server or documents on a completely different server. With such an arrangement, millions of documents have been linked to form the World Wide Web, which is an allusion to the fact that these hypertext links might look like a spider web if a diagram of the documents and the links were drawn.
Hypertext, as such, was used in other contexts, such as help documentation, but those uses generally connected to a central document repository or even a single file with references to locations internal to the file. What made the World Wide Web more interesting and complex is the fact that a link in a first document stored on a first server might refer to a document on a second server where the author of the first document and the system operator of the first server had no editorial or system control over the second document or the second server.
This independence of servers did not inhibit the navigation of a client from server to server, since the reference for the link to be followed was fully contained in the document where the reference was made. These self-contained references to information are referred to as "uniform resource locators" (URLs) because the reference was all that was needed to locate the "linked-to" document. Since the URL is a static data element, it is the same for every client, so the linked-to server could not identify who the client was. Several solutions to this shortcoming have been in common use.
The most common solution is to eliminate the need to know who the client is. If the identity of the client is not needed, an HTTP server will serve documents to any client which requests a page. Of course, this solution is only practical where the author of the linked-to document does not want to place any restrictions on who may view the page. If the author of the linked-to page wants to place restrictions, the client will have to enter into a "session" with the server where the client is first authenticated prior to the server allowing access to the server.
One consequence of such an architecture is that, without some session control, the clients and servers must operate in a "stateless" manner, i.e., not tracking client identity, or any other variables, from request to request. Session control, when used, is usually done by a server requesting a login name and a password from the client prior to serving documents. Where all the documents are stored on a single server or a centrally controlled cluster of servers, session control only need occur when the client first visits the server. If a link from one document references a document on the same server, the session can be seamlessly continued from the perspective of the client. However, if the link is to a document on a second server not commonly controlled with the first server, the second server will interrupt the navigation process to require authorization information from the client. The usefulness of hypertext documents is greatly diminished if a user must enter a new login name and password each time a link is taken.
Session control for a single document is known. A URL for a document available in a sessionless environment might be a character string of the form:
http://server.host.domain/directory/subdir/file PA1 http://server.host.domain/dir...file?userfred+password
with "http://" indicating the protocol, "server.host.domain" uniquely identifying the server, and "directory/subdir/file" identifying the document to be served. Where the document is not to be accessible to other than an authorized client, the URL might be of a form similar to the sessionless URL:
In the session-specific URL, the user's name and password are included in the URL. While this is useful for making a reference to a single document for a specific user, it is not useful for passing sensitive session information because, the user name and password being in plaintext, it is too easily tampered with.
Thus, what is needed is a method and apparatus for maintaining a seamless and secure migration of a session between a client and a first server to a session between the client and a second server, where the first and second servers are independently controlled.