I'm working on a new webapp which will be the mobile version of our current one.

We now have www.mysite.com and we want to add m.mysite.com

The internal architecture will be pretty much the same and they'll both use Spring Security.

I was wondering if it's possible to have a way to share user sessions among the two webapps (so that if I login into the mobile site and then switch to the desktop version I don't need to login again).

I'm aware of SSO systems such as CAS, but we figured we would not like a third application handling authorization.

We'd rather have a way to setup spring-security on both webapps in a certain way (say they both use the same cookie or something like that) so to allow session sharing among them.