We are running JBoss 3.2.3 with the default Tomcat 4.1 service. We currently have one web application that talks to stateful session beans with Hibernate on the back end. Login/security is handled by our application from tables in an Oracle database.

The problem comes in when we now have the need to add a new web application that goes through the same login procedures. We would like to have a specific type of user transfered to this new web application. The servlet specification does not seem to allow for sharing a HttpSession across web applications. It also appears that we are unable to maintain the required data in the EJB session as we have not found a way to transfer the session reference for use in the new web application. I have seen multiple posts on the net stating that you need to store the session data in a database or in a Stateful session bean, but I am not sure how to tell who the user is once they have migrated to the new web application, which at that point they have a new HttpSession.

I would appreciate anyone being able to point me in the right direction here.

Thanks much!