Hi All, I have implemented a single sign on solution for intranet by making use of session cookie. Is there any way I can acheive single sign on without using Session cookie? Theoritically, I think it is possible if the Web Server supports URL encoding, then I suppose I can create the session on another server and return to the browser client the encoded url. I tried this but it doesn't seem to work. I think I am missing something. any help/references is appreciated.
All that you can get hold of is the session ID, and that is what you can explicitly pass back and forwards. The session data is stored on the server. Therefore you can pass the session ID to another server, but it won't mean anything to that server since the session data doesn't exist. Even when you are dealing with application contexts on the same server you are not able to share sessions. (there are a couple of ways around this, but it is generally application specific) Dave
I'm pretty sure not, since all the session specific stuff only happens in a single web app. You can keep passing the session ID to another web app, but it won't know what to do with it.
Joined: Dec 09, 2000
Is it possible to maintain a Globals properties file, which can cater to all the web application on the server and by using HttpSessionActivation Listener, I migrate the session and put it in the globals which will act as a context for all the web applications on the server.
Hi Rishi, Maybe you can try the following: 1) If your app is hosted on a single server, you can store the data in the application context. 2) If what you have is a server farm, you can store the data on a backend database, so that every server can access/update the same data. For 2), here are some links which you may find useful: Taming the Stateless Beast: Managing Session State Across Servers on a Web Farm Maintaining Session State on Your Web Farm I know they're not at all related to Java (not even a drop of blood), but I think it illustrates the concepts very well. Ex Animo Java! -- Val [ May 29, 2002: Message edited by: Val Pecaoco ]
"Knowledge is power, but enthusiasm is the key." -- Lavern Barn
Even though i do not have any working experience on this, but i would suggest you take a look at SAML(Security Assertions Markup language) at http://java.sun.com/features/2002/05/single-signon.html. SAML enables open and interoperable designs for web-based single sign-on service functionality. HTH, Manjunath
subject: Signle sign on without using Session Cookie