About the Session Service

The Session Service in Sun OpenSSO Enterprise tracks a user’s interaction with protected web applications. For example, the Session Service maintains information about how long a user has been logged in to a protected application, and enforces timeout limits when necessary. Additionally, the Session Service:

• Generates session identifiers.

• Maintains a master copy of session state information.

• Implements time-dependent behavior of sessions.

• Implements session life cycle events such as logout and session destruction.

• Generates session life cycle event notifications.

• Generates session property change notifications.

• Implements session quota constraints.

• Implements session failover.

• Enables single sign-on and cross-domain single sign-on among applications external to OpenSSO Enterprise.

• Offers remote access to the Session Service through the Client SDK with which user sessions can be validated, updated, and destroyed.

The state of a particular session can be changed by user action or timeout. Figure 5–1 illustrates how a session is created as invalid before authentication, how it is activated following a successful authentication, and how it can be invalidated (and destroyed) based on timeout values.

Figure 5–1 Life Cycle of a Session