Logging out a user from a different application.. Spring Security

[vivek4348]

Hi All,

I have two separate web applications X & Y deployed on two separate sites.. Y takes care of credit card processing and X takes care of remaining functionality..

Usecase: If A would like to purchase a subscription, he does following things

(i) A logs into X

(ii) A adds a subscription

(iii) After adding the subscription, he logs into Y and adds his credit card information

(iv) He comes back to X and pays for it..

Now my question here is, how to manually logout A from Y when he is in X..? In crude terms, how to do a logout of a user from other application?

I did confiure session invalidation period for Y and I am using logout filter in Y also..

I am using Spring Security, Hibernate, Spring, Spring MVC.. in both X & Y..

Thanks,
Vivekanand Alampally

[vivek4348]

I have posted here also.. http://stackoverflow.com/questions/1...pring-security

[Rob Winch]

It seems a bit unconventional to have the user login twice and then logout once. Most likely what you are looking for is a Single Sign On protocol that supports Single Logout as well. A few examples that come to mind are CAS and SAML.

[vivek4348]

Thanks Rob.. I am going through some articles on solving this.. I will get back.