I have two applications deployed on two different servers. My process is to let the user make a request to the application on Server A, authenticate him, and then redirect him to the application on Server B. Can I send the session object created on Server A to Server B, containing the user data, using the encodeRedirectURL method?
seetharaman venkatasamy wrote: and welcome to JavaRanch, Amol
In that case, won't it be a security issue? I guess the query string will be like www.xyz.com?a=b&c=d. So, let's say I log the user in on one app and redirect him to some other, passing the credentials as parameters. I can't make a POST request; instead I am making a simple GET request. So isn't there any way that the communication between the two applications can be made secure?
While sessions can't be shared between web apps, it is possible to require only a single login for multiple web apps. It's called SSO (Single Sign-On), and you can find some Java implementations in the http://faq.javaranch.com/java/SecurityFaq#web-apps page.