> > > Is there a WebObjects-way of passing sessions between applications or > > is it simply a case if using a manually created cookie with an > > encrypted username and somehow safely providing a time-limited > > credential? > > I once broke up an application into two for the same reason you are > considering. I have regretted it ever since. It uses more memory on the > server (more app instances) and you have the problem of different sessions > on different applications. > > If you really want single sign on, look at something like Cosign, or > WebAuth or Shibboleth.
we have taken the several apps approach. internally we have 8 WO apps and we use OpenID for single-sign-on, authenticating against our google apps domain. remember that single-sign-on just means you don't have to sign in to each app over and over again - it doesn't mean you have an app-wide WO session. it's really just a convenience, but an absolute must in my opinion if you are going down the multiple app route. we have been toying with the idea of putting in our own cross-app session type thing - i.e. a database-persisted dictionary of key-value pairs accessible via a some kind of session key / app name key. not got beyond the thinking stage yet though... simon
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [email protected]
