Secregating anonymous access to dynamic content on a web server, with cached logons

摘要

A system and method are provided for segregating access to dynamic content on multiple websites hosted by a web server. When a request is received for dynamic content from a website, a UserRetriever module identifies a path to the content and retrieves a username and password corresponding to the website, from a database that is separate from the web server and used for other purposes (e.g., billing). A UserImpersonator module requests a logon handle for that username from a logon cache manager. The logon handle is used to associate the request with the impersonated user account instead of the default anonymous user account with which the request was initially associated. The dynamic content is retrieved and served under the context of the restricted impersonated user account session, after which the applied logon handle is stripped off and the request is re-associated with the default anonymous user account.

主权项

1. Apparatus for serving content from multiple websites, the apparatus comprising:
one or more computer servers executing a plurality of web server instances to serve content of a plurality of websites, wherein the one or more computer servers comprise a plurality of user accounts; a single database, external to the one or more computer servers and shared among the plurality of web server instances, for mapping between a request for a dynamic content item of a website from an anonymous web user and a user account associated with a customer that owns the requested dynamic content item, to be used to process the request; wherein the user account is configured with permission to access content of the website associated with the dynamic content item, but not content of another website that corresponds to another user account; and wherein the database maps at least two different requests from anonymous users for dynamic content items of two different websites to two different user accounts.