Java - How to share the session between two or more Web Application?

java spring session web-applications
41,824

Solution 1

Technically, session between two web application (two different WARs) cannot be shared. This is by design and done for security reasons. I would like to make following comments and suggestions for your problem,

  1. Session are generally tracked using an session ID which is generally stored as a cookie on the browser and Session object on the server side.
  2. This cookie is sent server side every time when you send a request.
  3. A cookie will be sent ONLY to the server where it came from.
  4. So a cookie set by www.mysite.com/app1 will be sent only to www.mysite.com/app1 and not to www.mysite.com/app2.
  5. For you case, for a user sessions to be valid across two application, the browser will need two cookies to be set from app1 and app2.
  6. One way would be, when you login to app1 , using java script, also send a login request to app2. When both these request return successfully, your browser will have session for both the applications (app1 and app2)
  7. Now logout will have its own challenges, when you logout from app1, you also need to logout from app2. Technically this means, you need to clear the cookies set from both of these applications. With little help from java script you can do this.

Solution 2

When you have to make a call to app2 from app1, pass all necessary information via the request object (as a request params) then app2 can read and create the session there (perhaps a servlet/filter can be used for this).

you can share a session between the same application (app1 and app1) across machines using clustering.

Share:
41,824
shankarmbtech
Author by

shankarmbtech

Updated on July 09, 2022

Comments

  • shankarmbtech
    shankarmbtech almost 2 years

    I have two web Applications. I will login in to one Web Application and will navigate to another by links or redirection from the first Application. Lastly after completing some steps in Application two, I will be redirected to Application one. How can I implement this?

    Here Application two is generic, and I will have three instances of Application One, which will interact with Application two.

    Please suggest a better approach. I have to use spring and Spring Webflow to implement it.

  • shankarmbtech
    shankarmbtech over 11 years
    Thanks for your reply Anantha. I can have two seperate sessions. No need for a single session. Please suggest some idea to implement this one.I have no idea how to implement it. Its like one flow. I am doing some functionality in App1. After that i am going to App2 and doing some other functionality which is continuation of App1 and then returning back to App1 and completing the flow.
  • shankarmbtech
    shankarmbtech over 11 years
    Its like going to second app for payment process and coming back to App1
  • Anantha Sharma
    Anantha Sharma over 11 years
    What you explained is a typical payment process (as you mentioned) the process here would be to pass all necessary info as part of the requests (usually HTTP POST) this will create a session in app2 (which handles the payment and returns)...
  • Santosh
    Santosh over 8 years
    From the Specs(tools.ietf.org/html/rfc2109) : The Path attribute specifies the subset of URLs to which this cookie applies.
  • Santosh
    Santosh over 8 years
    Also refer to this post: stackoverflow.com/questions/1967963/…
  • Santosh
    Santosh over 8 years
    For "session id is shared across all the places of your domain", the path needs to be set as '/'. Thats what PHP must be doing, otherwise cookie handling has nothing to do with any technology (java/php etc.)
  • kravemir
    kravemir almost 7 years
    Is it not possible to set session cookie for whole domain and don't restrict them to specific paths?
  • Santosh
    Santosh almost 7 years
    Yes. Thats possible. All you need to do is to set the session cookie with path as root '\'.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to delete a file after sending it in a web app?
maintain state with spring between requests
How to pass session id as part of Soap request?
Help catching session timeout in spring
Spring Security session timeout is too short
Get bean of @Service annotated class?
Hibernate/Spring3: could not initialize proxy - no Session
Spring Security logout and Maximum sessions
Default objects in spring 3 mvc SessionAttributes when session expired
How to get session time out message using Spring security