Field of the Invention
The present invention relates to an authentication information management technique.
Description of the Related Art
There exist web services (to be referred to as target web services hereinafter) on a web, which provide various functions of, for example, storing user's photos and making them open. In such a target web service handling private information, authentication processing of individual users is executed. Additionally, in a browser, it is a common practice to store user's authentication information in a file.
There also exist external web services which cooperate with the target web services and provide different functions. An external web service, for example, receives photo data from a target web service and processes the photo data, creates an album or calendar using the photo data, or prints the processing result.
A method is known in which the external web service performs authentication processing of a target web service to be used before access to user's data, and causes a browser to store authentication information (to be referred to as a Cookie hereinafter), thereby accessing user's data on the target web service. For such an external web service, a target web service that separately provides an authentication function for the external web service exists.
In a case where a plurality of users use a browser, however, there is a problem of security. That is, if a file storing a Cookie remains, users other than a user who has performed authentication can also access the user's data. Japanese Patent No. 4913227 describes a method of deleting a Cookie on the OS side when a user has terminated a browser.
In the technique described in Japanese Patent No. 4913227, however, when, for example, user switching is done, and processing is continued without terminating a browser, the Cookie cannot be deleted. Hence, to delete the Cookie at a user's desired timing, the user executes an operation of manually deleting the Cookie. However, the Cookie deletion method changes depending on the browser, and the user needs skill in browser operation.
A target web service sometimes has no authentication information deletion function even when an authentication function for an external web service is prepared. Furthermore, a web service may have a security restriction in a browser so the Cookie of another domain cannot be deleted. Hence, the Cookie of a target web service cannot be deleted from the side of an external web service.
The present invention has been made in consideration of the above-described problems, and makes it possible to easily execute deletion of stored authentication information.