Yes I am using build in virtual server level SSO,
Here's what I did
1. Created new Custom Realm
2. Created New Custom Login Module and added to Login.conf file
3. Specified in default-web.xml following parameter
<!-- ==================== Default Session Configuration ================= -->
<!-- You can set the default session timeout (in minutes) for all newly -->
<!-- created sessions by modifying the value below. -->
<session-config>
<session-timeout>2</session-timeout>
<cookie-properties>
<property name="cookieMaxAgeSeconds" value="60"/>
</cookie-properties>
</session-config>
Even after specifying the above value, when I access cookie info in my application I get my sessions with an expiry of "-1"(no to expire).
{
Cookie c = null;
Cookie cookie[] = request.getCookies();
if (cookie != null && cookie.length > 0) {
for (int i = 0; i < cookie.length; i++) {
c = cookie[i];
System.out.println("Name: " + c.getName() + " domain:" + c.getDomain() + " expiry:" + c.getMaxAge());
c.setMaxAge(0);
c.setValue(""); // it is more elegant to clear the value but not necessary
response.addCookie(c);
}
}
Name: JSESSIONID domain:null expiry:-1
Name: JSESSIONIDSSO domain:null expiry:-1
I am still trying to figure out, how to invalidate a SSO session for all the applications when user logout from one application and secondly, how to make the SSO time out?
Any help is this regard is greatly appreciated.
:-) Ajay
-----Original Message-----
From: Shing Wai Chan [mailto:shing.wai.chan_at_oracle.com]
Sent: Monday, June 06, 2011 8:57 AM
To: Thakur, Ajay K.
Cc: webtier_at_glassfish.dev.java.net
Subject: Re: SSO cookie expiration question
Are you looking at virtual server level SSO? GlassFish 3.1 already has that?
http://blogs.oracle.com/jluehe/entry/virtual_hosting_features_in_glassfish
http://weblogs.java.net/blog/swchan2/archive/2011/03/01/high-availability-single-sign-glassfish-31
Shing Wai Chan