Re: Get SSO ID on server

2011-08-16 Thread Chema
How do you accomplish that? By doing this SSO sniff-and-kill-session thing? It seems more straightforward to expire a particular webapp's session explicitly and let the SSO expire along with it. Doesn't that mean you'll have to re-run the same query just to expire the sessions in the other

Re: Get SSO ID on server

2011-08-16 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chema, On 8/16/2011 4:33 AM, Chema wrote: How do you accomplish that? By doing this SSO sniff-and-kill-session thing? It seems more straightforward to expire a particular webapp's session explicitly and let the SSO expire along with it. Doesn't

Re: Get SSO ID on server

2011-08-15 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chema, On 8/12/2011 2:56 PM, Chema wrote: Why bother? As soon as the user logs out of one web application (for example, by invalidating the corresponding session if form based login is used), the user's sessions in all web applications will be

Re: Get SSO ID on server

2011-08-12 Thread Pid
On 11/08/2011 22:31, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chema, On 8/11/2011 5:00 PM, Chema wrote: How I can get SSO ID on a servlet? Get the cookie value for JSESSIONIDSSO. I want to know this ID without browser sends a cookie to server.

Re: Get SSO ID on server

2011-08-12 Thread Chema
Why do you need a consistent ID between the two apps? Because I'll store this ID into a record in database. The apps checking every 60 sec if this record exists and, if dont , perform a logout - To unsubscribe, e-mail:

Re: Get SSO ID on server

2011-08-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chema, On 8/12/2011 3:51 AM, Chema wrote: Why do you need a consistent ID between the two apps? Because I'll store this ID into a record in database. The apps checking every 60 sec if this record exists and, if dont , perform a logout Why

Re: Get SSO ID on server

2011-08-12 Thread Chema
Why bother? As soon as the user logs out of one web application (for example, by invalidating the corresponding session if form based login is used), the user's sessions in all web applications will be invalidated. Any subsequent attempt to access a protected resource in any application

Get SSO ID on server

2011-08-11 Thread Chema
Hi: I've configurated my server.xml with Valve className=org.apache.catalina.authenticator.SingleSignOn/ and I've got deployed two web applications with Realm authentication How I can get SSO ID on a servlet ? I want to know this ID without browser sends a cookie to server. I don't need this

Re: Get SSO ID on server

2011-08-11 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chema, On 8/11/2011 5:00 PM, Chema wrote: How I can get SSO ID on a servlet? Get the cookie value for JSESSIONIDSSO. I want to know this ID without browser sends a cookie to server. Browser cookies are a requirement to use Tomcat's SSO. Given