Currently, web resources may be accessed from a secured remote server that requires authentication of a user prior to providing the user with requested content. In order to authenticate the user so that the user may access the web resources (e.g., web pages, forms, static files, dynamic content, etc.) from the secured remote server (e.g., web server), a user typically utilizes a communication device to communicate with the remote server and may start a session which returns a session identifier to the user's communication device. Once the user's communication device receives the session identifier from the remote server, the communication device may use the session identifier in subsequent requests for resources to the remote server.
For example, upon receipt of the session identifier from the remote server, the communication device may include the session identifier in subsequent hypertext transfer protocol (HTTP) requests to the remote server such as, for example, a HTTP Get operation in which a request for a specified resource may be generated or a HTTP Post operation in which data may be submitted for processing in a request. In this regard, the session identifier may be included in subsequent HTTP requests sent to the remote server as either a request parameter or as a cookie.
Since the user's communication device may provide the remote server with a session identifier corresponding to a previously authenticated session, the remote server will typically grant the communication device access to the requested secured resource without requiring the user to be re-authenticated. In this manner, an authenticated session with a remote server may be established. It should be pointed out however that the current mechanisms of initializing an authenticated session on the remote server may suffer from a number of drawbacks. For instance, the initialization of an authenticated session on the remote server may be time consuming given that a separate authentication request is typically required to be sent to a web application prior to sending a request for the secured resource. This may result in an inefficient use of processing capacity and it may unduly increase overhead (e.g., load capacity) on the remote server.
One approach to reduce the overhead of establishing an authenticated session may be to modify a corresponding web application on the remote server with the secured resource to allow for receipt of user credentials (e.g., a username and password) with each request for a secured resource so that the user may be authenticated before granting access to the resource. This may eliminate the need to send a separate authentication request to a corresponding web application of the remote server prior to sending the request for the secured resource. However, this solution may be inadequate or undesirable since the changes to the secured web application may require the remote server to support the receipt of user credentials with the receipt of every request for a secured resource. As such, an undue burden may be imposed on the remote server.
In view of the foregoing drawbacks, it may be desirable to provide a mechanism that more effectively establishes authenticated sessions and reduces the load, bandwidth and processing requirements on one or more devices involved in establishing an authenticated session with a secured web application.