Java session variable not accessible from new page

Question

I'm working on some old Java code with broken authentication. The web application starts with a jsp file that successfully creates and authenticates a user object. Then a session variable is created with the following code.

session.setAttribute("guiUser", userIdentity);

If I decide to get this user object within the same jsp file:

UserIdentity foo = (UserIdentity) session.getAttribute("guiUser");
System.out.println(foo.getName());

I can succesfully retrieve the authenticated user object.

However, the page is then redirected to another jsp within a different project in my workspace using

response.sendRedirect(targetPage);

When I get to this new jsp page, a login check jsp is run before anything else. The login check has the following code to instantiate a user object from the session variable(or at least this is what I think it's supposed to do.)

<jsp:useBean id="guiUser" class="com.ussposco.sso.UserIdentity" scope="session"/>
<% (code that uses guiUser object) %>

This code doesn't seem to work, because the user object is null. So I tried grabbing the user object from the session with this code.

UserIdentity foo = (UserIdentity) session.getAttribute("guiUser");
System.out.println(foo.getName());

And the object is still null.

I'm pretty new to Java web applications, but I think that this is a problem with the way that the response is redirected. I can see two different cookies in Chrome when I think there should only be one. Also, on the production website, it changes the value of a different cookie than the code I'm using(obviously out of date) uses.

Answer 1

As you are redirecting to the different application you will not get the same session object. Something as Single Sing On (SSO) is required for this.