User logs in to an existing application and using it as usual. I have to develop another web application that will an additional module to the existing application. It will be launched by clicking on one link on the existing application.
Now user logs in to the existing application and clicks on the link for this new application. It opens in a new window. But in this new application
request.getSession(false) is returning null. I thought I'll be getting the session from the existing application.
First time the request gets into a Filter(for all url pattern using /* inside my new application) and i check whether the session is null here. If so I'm redirecting it to SessionExpired.jsp.
Next time, when again i launch this new application from that link (without logging in again), the session is not null. I guess it is getting created from SessionExpired.jsp.
Since the login authentication is done by the first existing application I just want to check whether that session exists with the request.
But i am getting null, meaning that i dont have access to the session created by the existing application. How can I manage this situation?
Either you manage the login yourself (that is, on the application level circumventing the container-supplied login management) and organize the interaction between the applications to support this, or you might want to look for the enviroment's supporting this. The key word (search criterium) is "single sign-on".
Thanks for your informative reply. Can you please suggest me how to manage the login sessions by myself inside my application?
Every request to the welcome page comes with a user-id logged in from existing application. How shall I manually create a new session only for this request( the request that launches my application from another application)?
If this created session expires inside my web application then i'll simply close the web page(of my new application) after alerting the user to login into the first application.