I'm about to implement my own SSO implementation, and I looked at net.jforum.sso.RemoteUserSSO. It seems to have a minor bug: all paths through isSessionValid() return false. I assume this is not the intent.
-- Scott Sauyet [originally posted on jforum.net by scott_sauyet]