single sign-on system, global conversation and local session, the global conversation by sso server maintenance, local session by a specific subsystem maintenance,
after the user login successfully, and the various subsystems with sso authentication center establish session, user session with sso authentication center called global session, users and establish a session of each subsystem is called local session, after the local session established, users access to protected resources subsystem will no longer through sso authentication center,
Global conversation with local session has the following constraints:
1. The local session exists, the global conversation must be
2. The global session exists, local session does not necessarily exist
3. The global session destruction of local session must be destroyed
the problem here:
If the user has access to a subsystem, the subsystem of the local session not expired,
But how to guarantee the global conversation don't expire?
