Is there a way to keep track on user's sessions within applications in the same tomcat?

Question

I have multiple applications (wars) deployed on same Tomcat application server. Each application has form login and uses Spring Security to authenticate. There is a centralized application (not in same Tomcat) from which Spring Security checks user credentials.

Is there a simple way to keep track on user's sessions in those wars and invalidate user's session within each war in case user logs off from one?

https://tomcat.apache.org/tomcat-7.0-doc/config/host.html#Single_Sign_On — Stefan, May 02 '16 at 13:04
Does the tomcat's "single sign on" work if I am not using Tomcat to manage authentication? — Nordkraft, May 02 '16 at 13:09

score 0 · Answer 1 · answered May 13 '16 at 15:48

0

I started using Spring Session. It integrates with Spring Security and offers a way to store users's sessions to a database.

answered May 13 '16 at 15:48

Nordkraft

125
2
9

Is there a way to keep track on user's sessions within applications in the same tomcat?

1 Answers1