Create a unique token for the session and put in in a db table that both apps access.
Store the token in the users's cookie.
This avoids the session sharing issue and is also more scalable.

为会话创建一个唯一的令牌并将其放入两个应用程序都可以访问的数据库表中。
将令牌存储在用户的 cookie 中。
这避免了会话共享问题并且也更具可扩展性。

Tomcat provides Single Sign On functionality via a valve specified within Hostelement in Tomcat's configuration:

Tomcat 通过在 Tomcat 配置中的Host元素中指定的阀门提供单点登录功能：

<Host name="localhost" ...>
  <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
</Host>

There are certain restrictions applied, take a look at the above link (scroll to Single Sign On section) for details.

应用了某些限制，有关详细信息，请查看上面的链接（滚动到单点登录部分）。

Here is how you can code it I have been doing it for another bit of work I am working on ....

这是你如何编码它我一直在做我正在做的另一项工作......

First update

第一次更新

/etc/tomcatx/server.xml

/etc/tomcatx/server.xml

For each context that requires to be shared

对于需要共享的每个上下文

 <Context path="/servlets" crossContext="true"..
 <Context path="/solutions2" crossContext="true"..

Add the crossContext=true tag to each context now for the code to create and send shared session info

现在将 crossContext=true 标签添加到每个上下文，以便代码创建和发送共享会话信息

..................................

……………………………………………………………………………………………………………………………………………………

The code to alter it..

改变它的代码..

//Context 1 : Sending Servlet Add below
//So this is AuthSuccess - Within The master context doing authentication
//Given examples of vectors sessions and request from
//All the information now allows you to put those new
// provider and providerName session values back into AuthSuccess
//that is executed on other Context -
//In theory once it authenticates you can just store the output i.e.
//email/display/logged in and put it into other context - or...
//as it is process list etc on other context


//Vector example
Vector roles=new Vector();
roles.addElement("COOOGOOO");

 //Redirect url
 String redir="http://mydomain.com/solutions2/AuthSuccess";

 //Get session id
 String sessionid = session.getId();

HttpSession session = req.getSession(true);
session.putValue("provider2","provider_session_info");
session.putValue("providerName2","providerName");
 //Start new shared servlet context
 ServletContext myContext = getServletContext();

//Shared sessioname is obvious and it sends the session id followed by:


// objects,string,sessions,whatever that matches other end
myContext.setAttribute("MYSHAREDSESSION", sessionid);
myContext.setAttribute("GOOFY",roles);

//Send session directly
myContext.setAttribute("SharedSession",session);

//send HttpRequest
myContext.setAttribute("SharedRequest",request);

   //Redirect to new context/domain/subdomain
  Redirect(out,red,response);

//-------------------------------------------------------------

// Now within ther servlets of solution2 within 
// AuthSuccess call back the session info
// and process as per normal

 //Add this to new context path 
   //So it looks in the first context now
  ServletContext firstOne = getServletContext().getContext("/servlets");

  //returns previous session id
  String jsessionid= (String)firstOne.getAttribute("MYSHAREDSESSION");

  //Returns Session as was
  Session ProviderName=(Session)firstOne.getAttribute("SharedSession");
  //Returns session strings we need
  String g1=(String)ProviderName.getValue("provider2");
  String g2=(String)ProviderName.getValue("providerName2");
  pout +="---
 "+g1+"
"+g2;

 //Grab previous request to do req processing if required
 HttpServletRequest nrequest=(HttpServletRequest)firstOne.getAttribute("SharedRequest");

//retrieve vector
Vector goo= (Vector)firstOne.getAttribute("MYVECTOR");
 if (goo.size()>0) {
  for (int a=0; a";

  }
 }