How can one develop a "single sign on" component similar to Yahoo.com where you can log-in to one service (email) and use other services (greetings, calendar etc) w/o logging on again. My guess is cookies with JSP/Servlets, am I right? Are there any other ways? Can someone elaborate in details a bit? TIA, - Manish
posted 13 years ago
Like you say, cookies are an option. Another option is to keep an object in session which represents the user. This object is only instantiated upon login, and contains infor such as their uid, permissions, a reference to a shopping cart maybe, or whatever else you feel is applicable. The various services check the session for this object and if it is valid allow access. If the object is null or otherwise invalid for some reason, the user is redirected to the login screen or some other appropriate page.