William P O'Sullivan wrote:
If already logged in and the filter or interceptor is firing successfully, it should work.
Only in cases where a standard security framework is being used. One of the reasons that I harp so continuously on that topic. Phrases like "Both the applications share the common DB to authendicate the user" make me suspect that this isn't what's being done, but rather that one or both of those apps is using DIY security, instead.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.