Some more info (and questions): In my simple two web app example, I noticed each webapp is always using a different JSESSIONID cookie value.
So I'm wondering how Shiro would be able to re-use any subject info across the sessions of two different web apps? (Are the session cookies supposed to be different for SSO across web apps?) I'm debugging my example case (and even created my own Cache: public class MyCrudeCacheImpl implements Cache...using a disk based hashtable). I still don't see how the sessions in the different web apps would ever be linked up, given they always have different sessionIds. Can you give me some pointers on how this plumbing between the sessions is supposed to work? (Does Shiro look into the separate session objects and examine something there? If so, what?). Once I understand how these should link, maybe I can figure out what I'm missing. -- View this message in context: http://shiro-user.582556.n2.nabble.com/SSO-on-single-tomcat-container-tp7577698p7577699.html Sent from the Shiro User mailing list archive at Nabble.com.
