get a cookie or session from one web application to another web application

Question

I have two web projects Admin and Dashboard. AdminEAR is being deployed on server which has project Admin and Dashboard.

I am giving a href link in Admin project JSP which will take me to Dashboard index page.

The Admin project URL is

http://localhost:8080/admindesktop/admin/

and the href will take us to a page with URL

http://localhost:8080/BMDashboard/index

Admin has an username which I want to fetch in project Dashboard. If someone logs out of Admin project, I want Dashboard to be logged out as well.

How can I achieve it? Do you guys have any suggestions.

Dashboard uses Spring and Hibernate but Admin does not use it. It is simple web app

Answer 1

I think you should probably use Single Sign on, if you have multiple applications that you want to have common login to:

https://searchsecurity.techtarget.com/definition/single-sign-on

If you can't do this, then sharing cookie with a "/" path will be the minimilist approach. Take a look at the following link:-

http://www.informit.com/articles/article.aspx?p=26138&seqNum=7

Answer 2

Try creating a cookie with the path explicitly set to "/" and see if you can access it from the other application as well since the context-root won't be in play. Once you have confirmed that you have access to the cookie (should be able to inspect this in the browser as well), you can create a javascript interval function that constantly polls the server for the state of the cookie... if the cookie has been removed (set max time to live to -1) redirect the user to the logout page and invalidate the session. The below code snippet is the standard approach to creating a cookie:

Cookie cookie = new Cookie("auth_token",cookieValue);
cookie.setHttpOnly(true);
cookie.setMaxAge(28800);
cookie.setPath("/");
httpResponse.addCookie(cookie);

The below code snippet is invalidating the cookie:

cookie.setMaxAge(0) // important part to invalidate the cookie;
cookie.setPath("/");
response.addCookie(cookie);