I have several applications deployed on the same jboss instance. I currently have Single Sign On configured using the <sso/> tag. It is possible for a user to navigate from one application to another app (redirect) deployed on the same jboss instance. Currently when the user is authenticated into the first appplication, the SSO cookie is created and a Single sign on entry is created for this cookie in the SingleSignOn valve which works fine. Each application has a timeout period of 60 mins configured via the web.xml. When the user navigates to the second application the user principal is correctly propogated and a new session is created. However an new SSO entry for the second app is not created since the cookie remains the same.
Now the issue is that lets say the session for the first application expires, even if the second app's session is still active because the user is accessing the 2nd app, the Single Sign On entry is deleted. Therefore the principal is lost on subsequent requests for the second application. Because the Single Sign entry that is removed also gets rid of the principal. Is there a way to get around this issue?