My company is using IBM Websphere Application Server 4.0.5
This is our situation:
-- foo.ear contains a.war, b.war, and c.war
-- bar.ear contains d.war
-- pog.ear contains e.war and f.war
Our applications use a custom authentication mechanism.
After authenticating a user, we store the user's identity
in the HTTPSession object.
After the user has logged in, we want that user to be able to access
any of the 6 web applications ("single sign-on").
To do this, all 6 web applications must share a single HTTP
Is this possible to do in Websphere Application Server 4.0.5?
If not, is this possible to do in Websphere 5.0.2?
The Servlet 2.3 specification states:
SRV.7.3 Session Scope
HttpSession objects must be scoped at the application (or servlet context)
The underlying mechanism, such as the cookie used to establish the session,
can be the same for different contexts, but the object referenced, including
the attributes in that object, must never be shared between contexts by the
To illustrate this requirement with an example: if a servlet uses the
RequestDispatcher to call a servlet in another web application, any sessions
created for and visible to the callee servlet must be different from those visible to
the calling servlet.
Thanks in advance.
Websphere Application Server 5.0 documentation: