1. Field of the Art
Generally, the present application is related to data processing. More specifically, the application is related to using a global unified session identifier across multiple data centers in different locations.
2. Discussion of the Related Art
Enterprise computer networks are often spread over different data centers. The data centers can be geographically collocated or dispersed. Using single sign-on (SSO), a user can log into one data center and then access other data centers without logging in. For example, SSO allows a user to enter a username/password once in order to gain access to multiple associated resources.
A data center typically identifies each user session uniquely by generating a session identifier for each session. A user request for one or more resources may hop across data centers within a single SSO session, requiring all the visited data centers to generate unique identifiers for servicing the user request. However, a unique session identifier generated by one data center cannot be reused at a second data center for various reasons. For example, an access manager within a data center may use built-in java virtual machine capability, such as random number generation, to produce the unique session identifier. Though a unique identifier from a first data center may be used by a second data center as a substitute for the randomly generated unique identifier in the second data center, forcing the second data center to use the unique identifier from the first data center may pose the risk that the identifier from the first data center will collide with another user's unique identifier generated by the random number generator in the second data center. As another example, the access manager may rely on a proprietary service (e.g., a database) to generate the unique identifiers. In this case, the consumer component does not have the technical provision to supply the unique identifier to another data center. Accordingly, because the unique session identifiers cannot be reused across data centers, there is no way to perform user session actions globally across data centers using the identifiers.