Keeping JSP session alive between two applications on two tomcat servers

Question

Hi I want to keep same session between two different application which are running on 2 tomcat servers. I have one application running on one server for which one session is created while logging in . If I click a link on the application, it will be redirected to second application on another tomcat server. At that time, it should maintain the same session which is in the first server. After that if it returns to the application in the first server, it should not ask for authentication again. It should use the same session.

Is there any way to pass the session ID or details between the 2 tomcat servers in JSP.

Can anyone help.

Answer 1

I think you might want a SSO (Single Sign-On) solution. So here are these which are available for free and some open source:

1. Open AM (previously Open SSO)
2. JOSSO (Java open Single Sign-On)
3. CAS (Central Authentication Service)

You can also build some custom security in both these web-applications using Servlet filters following the approach as mentioned here.

_{Note: Go for the custom solution (it would be a pain but a good learning ;-)) only if you don't want to use any of the SSO solutions; I will suggest not to Reinvent-the-wheel due to the reasons given here)}

Hope this helps.

Answer 2

If you are using two tomcat server on the same machine then there is different ports for both the server like one has 8080 and second one 8081.

Now you can simply forward request to second application with setting attribute and remember to give full path of 2nd application jsp in url like,

http://localhost:8081/2nd_application/page.jsp

JSP has 4 scopes: Application, Session, Request, and Page.

The use of the Request scope here is the right from me.

Answer 3

just Use resp.encodeRedirectURL() with resp.sendRedirect().

Like this :

response.sendRedirect(response(encodeRedirectURL("outputpage.jsp"))

Hope provided the right solution.