I'm using this topic to clarify one of my question....
If I had this case and I wanted to change the design.... Can I go ahead and store the "session" in a database and use it in the other app? is it a good practice ? or is it risky ? what other design can I use to share the session between two apps ?
Time is what we want the most, but what we use the worst. -- William Penn
I see you have been told here that this is not possible to share sessions, but this is not entirely correct.
What you are asking for, it sounds like, is "session replication." It is possible, but the way you do it depends on your application server and your application.
The idea of storing session state information in the database is perfectly acceptable. You may be able to find existing implementations of this for your platform.
Other strategies usually involve "in memory session replication" (another buzz-phrase you can search for). This may be supported by your application container/application server and you just need to set it up. Again, this will be different between application servers. You will need to research the options for yours.
If you run out of options and have to make your own, you might want to start by looking at the javax.servlet.http.HttpSessionListener interface. You might use this to instantiate and destroy sessions in your database, if you want to go that way. It would be easy to write code to load and store the session information you are interested in retaining in the database at the beginning and end of each request. In this case you would have to be able to modify APP1 and APP2.
So you can start sharing information at the level of ServletContext attributes.
In order to share session information, you would have to implement something like the HttpSessionContext used to do (with a SessionListener)
On the whole though, sharing information across two web applications on the same server is problematic.
I would take another look at this and ask if you really want to go down this path.