Is this a problem with cookie visibility? E.g. is the cookie being set either on another host or with a specific URL that it applies to? This might cause the browser to not send the cookie to Jforum.
It might also be related to various browser level security constraints. Many modern browsers don't allow for long term cookies by default. Some even deny short term session cookies if the security contraints aren't modified.
FWIW, the RequestContext object that gets passed to the SSO methods is really a "wrapped" HTTPServletRequest object. So if you need more information about the
Java context, you can just re-cast this and get access to all the methods. E.g.:
HttpServletRequest req = (HttpServletRequest) request;
[originally posted on jforum.net by monroe]