This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes About encodeRedirectURL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "About encodeRedirectURL" Watch "About encodeRedirectURL" New topic
Author

About encodeRedirectURL

Amol H Lekurwale
Greenhorn

Joined: Aug 06, 2009
Posts: 9
Hi,
I have two applications deployed on two different servers. My process is to let user request to the application on server A, authenticate him and then redirect him to Server B application. Can I send the session object created on Server A to Server B, containing the user data, using the encodeRedirectURL method?
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Session Can not be shared between two web application. pass the user information as QueryString
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

and welcome to javaranch Amol
Amol H Lekurwale
Greenhorn

Joined: Aug 06, 2009
Posts: 9
seetharaman venkatasamy wrote:and welcome to javaranch Amol


Thanks seetharaman.
In that case, wont it be a security issue. I guess query string will be like www.xyz.com?a=b&c=d. So, lets say i login the user on one app, and redirect him to some other, passing the credentials as parameters, I cant make a POST request, instead i am making a simple get request. So isnt there any way that the communication between the two applications be made secure?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41177
    
  45
While sessions can't be shared between web apps, it is possible to require only a single login for multiple web apps. It's called SSO (Single Sign-On), and you can find some Java implementations in the http://faq.javaranch.com/java/SecurityFaq#web-apps page.


Ping & DNS - my free Android networking tools app
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: About encodeRedirectURL
 
Similar Threads
session = cookie?
difference between encodeRedirectURL and encodeURL
if browser is closed,does session expire?
I have doubt, response.sendRedtrect
url encryption