The Session Service in Sun OpenSSO Enterprise tracks a user’s interaction with protected web applications. For example, the Session Service maintains information about how long a user has been logged in to a protected application, and enforces timeout limits when necessary. Additionally, the Session Service:
Generates session identifiers.
Maintains a master copy of session state information.
Implements time-dependent behavior of sessions.
Implements session life cycle events such as logout and session destruction.
Generates session life cycle event notifications.
Generates session property change notifications.
Implements session quota constraints.
Implements session failover.
Enables single sign-on and cross-domain single sign-on among applications external to OpenSSO Enterprise.
Offers remote access to the Session Service through the Client SDK with which user sessions can be validated, updated, and destroyed.
The state of a particular session can be changed by user action or timeout. Figure 5–1 illustrates how a session is created as invalid before authentication, how it is activated following a successful authentication, and how it can be invalidated (and destroyed) based on timeout values.
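The lifecycle described above, modeled as a small state machine. This is an added example, not OpenSSO Enterprise code: the class, its field names and the timeout values are assumptions made for illustration, as are the limit on how long a session may stay unauthenticated and the choice to measure the maximum session time from authentication.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    INVALID = "invalid"      # created, not yet authenticated
    VALID = "valid"          # authenticated and inside both time limits
    DESTROYED = "destroyed"  # logged out or timed out; never reusable


@dataclass
class Session:
    created: float                # all times are seconds on one clock
    max_session: float = 7200.0   # assumed cap on time since authentication
    max_idle: float = 1800.0      # assumed cap on time since last access
    max_unauth: float = 180.0     # assumed cap on staying unauthenticated
    state: State = State.INVALID
    authenticated_at: float = 0.0
    last_access: float = 0.0

    def _expire(self, now: float) -> None:
        """Time-dependent behaviour: run before every other operation."""
        if self.state is State.INVALID:
            timed_out = now - self.created >= self.max_unauth
        elif self.state is State.VALID:
            timed_out = (now - self.authenticated_at >= self.max_session
                         or now - self.last_access >= self.max_idle)
        else:
            timed_out = False
        if timed_out:
            self.state = State.DESTROYED

    def authenticate(self, now: float) -> None:
        """Activate the session after a successful authentication."""
        self._expire(now)
        if self.state is not State.INVALID:
            raise ValueError(f"cannot activate a {self.state.value} session")
        self.state = State.VALID
        self.authenticated_at = self.last_access = now

    def validate(self, now: float) -> bool:
        """Check validity; a successful check counts as activity."""
        self._expire(now)
        if self.state is State.VALID:
            self.last_access = now
        return self.state is State.VALID

    def logout(self) -> None:
        self.state = State.DESTROYED
```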