Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Signle sign on without using Session Cookie

 
Ranch Hand
Posts: 321
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I have implemented a single sign on solution for intranet by making use
of
session cookie.
Is there any way I can acheive single sign on without using Session
cookie?
Theoritically, I think it is possible if the Web Server supports URL
encoding, then I suppose I can create the session on another server and
return to the browser client the encoded url. I tried this but it
doesn't
seem to work. I think I am missing something.
any help/references is appreciated.
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All that you can get hold of is the session ID, and that is what you can explicitly pass back and forwards.
The session data is stored on the server. Therefore you can pass the session ID to another server, but it won't mean anything to that server since the session data doesn't exist.
Even when you are dealing with application contexts on the same server you are not able to share sessions. (there are a couple of ways around this, but it is generally application specific)
Dave
 
Rishi Singh
Ranch Hand
Posts: 321
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can HttpSessionActivationListener be used in this scenario while migrating session from one server to another
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm pretty sure not, since all the session specific stuff only happens in a single web app. You can keep passing the session ID to another web app, but it won't know what to do with it.
 
Rishi Singh
Ranch Hand
Posts: 321
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is it possible to maintain a Globals properties file, which can cater to all the web application on the server and by using HttpSessionActivation Listener, I migrate the session and put it in the globals which will act as a context for all the web applications on the server.
 
Ranch Hand
Posts: 156
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Rishi,
Maybe you can try the following:
1) If your app is hosted on a single server, you can store the data in the application context.
2) If what you have is a server farm, you can store the data on a backend database, so that every server can access/update the same data.
For 2), here are some links which you may find useful:
Taming the Stateless Beast: Managing Session State Across Servers on a Web Farm
Maintaining Session State on Your Web Farm
I know they're not at all related to Java (not even a drop of blood), but I think it illustrates the concepts very well.
Ex Animo Java!
-- Val
[ May 29, 2002: Message edited by: Val Pecaoco ]
 
Ranch Hand
Posts: 236
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Even though i do not have any working experience on this, but i would suggest you take a look at
SAML(Security Assertions Markup language) at
http://java.sun.com/features/2002/05/single-signon.html.
SAML enables open and interoperable designs for web-based single sign-on service functionality.
HTH,
Manjunath
 
Come have lunch with me Arthur. Adventure will follow. This tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic