: Core Security, Information Disclosure
Many web-based transactions require the user to browse through multiple web pages. Normally the user logs in at the start of the transaction and then follows several pages. Different components acting on behalf of a user might need to know which user is activating them and what that user's permissions are. Having every individual component or program within the system identify, authenticate and authorize users is annoying to both users and developers. In addition, system components might call each other or work together and thus need a way to share information about the user without exposing this 'global' data to other users.
How can user data be shared between components?
Create a session object that holds all of the variables that need to be shared by many objects, and associate every action of the user with the session. Components consult the session instead of re-authenticating the user. Because the session stands in for the user's identity and permissions, the identifier by which it is addressed must be unguessable and must be protected in transit; anyone who obtains it acts as that user.
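The following is an added example, not code from the catalog page: a minimal server-side session object shared by several components and addressed by an opaque random identifier carried in an HTTP cookie. The cookie name, the timeout values, the permission strings and the fake clock are assumptions made for the illustration. The identifier is rotated after login so that an identifier planted before login (session fixation) cannot be reused.

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Assumed values for this example; real deployments pick their own.
IDLE_TIMEOUT = 15 * 60        # seconds without activity before the session dies
ABSOLUTE_TIMEOUT = 8 * 3600   # hard lifetime regardless of activity
COOKIE_NAME = "SESSIONID"


@dataclass
class Session:
    """The shared object: everything components need to know about the user."""
    sid: str
    user: str
    permissions: frozenset
    created: float
    last_seen: float
    data: dict = field(default_factory=dict)   # per-user state shared by components


class SessionStore:
    """Server-side store; the client only ever holds the opaque ID."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str, permissions) -> Session:
        now = self._clock()
        sid = secrets.token_urlsafe(32)     # 256 random bits: not guessable
        s = Session(sid, user, frozenset(permissions), now, now)
        self._sessions[sid] = s
        return s

    def lookup(self, sid: Optional[str]) -> Optional[Session]:
        """Resolve an ID from a request; None for unknown or expired IDs."""
        if not sid:
            return None
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_TIMEOUT:
            self.destroy(sid)
            return None
        s.last_seen = now
        return s

    def rotate(self, sid: str) -> Optional[Session]:
        """Issue a fresh ID for an existing session; call after login or any
        privilege change so a pre-login ID cannot be reused (session fixation)."""
        s = self._sessions.pop(sid, None)
        if s is None:
            return None
        s.sid = secrets.token_urlsafe(32)
        self._sessions[s.sid] = s
        return s

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str) -> str:
    # HttpOnly keeps scripts from reading the ID, Secure keeps it off plaintext
    # HTTP, SameSite=Lax limits the cross-site requests that carry it.
    return f"Set-Cookie: {COOKIE_NAME}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


def sid_from_cookie_header(header: Optional[str]) -> Optional[str]:
    """Pull our session ID out of a 'Cookie:' request header value."""
    if not header:
        return None
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME:
            return value or None
    return None


def component_allowed(store: SessionStore, cookie_header: Optional[str], perm: str) -> bool:
    """What any component does instead of re-authenticating: resolve the
    session and check the permission it already carries."""
    s = store.lookup(sid_from_cookie_header(cookie_header))
    return s is not None and perm in s.permissions


def demo() -> dict:
    """Walk through the pattern with a fake clock; returns what each step observed."""
    now = [1_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    pre = store.create("anonymous", [])       # session may exist before login
    old_sid = pre.sid
    pre.user = "alice"                         # login attaches identity...
    pre.permissions = frozenset({"orders:read", "orders:write"})
    s = store.rotate(old_sid)                  # ...and the ID is replaced
    cookie = f"{COOKIE_NAME}={s.sid}"
    results = {
        "old_id_dead": store.lookup(old_sid) is None,
        "read_ok": component_allowed(store, cookie, "orders:read"),
        "admin_denied": component_allowed(store, cookie, "users:delete"),
        "guess_denied": component_allowed(store, f"{COOKIE_NAME}=" + "A" * 43, "orders:read"),
    }
    now[0] += IDLE_TIMEOUT + 1                 # user goes idle past the limit
    results["idle_expired"] = component_allowed(store, cookie, "orders:read")
    return results
```

Each component receives only the cookie and asks the store; identity and permissions live in the session object, never in the cookie, so the 'global' data is not exposed to other users and a component cannot be tricked into accepting a permission claim the client wrote itself.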
Cookies in the HTTP protocol, which carry the identifier of a server-side session between requests.
Single Sign On, Policy Enforcement Point, Integration Reverse Proxy, Front Door
Single Sign On, Session
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz