Recently, I had a usecase to share same http session between different subdomains. The idea was that if a user is logged in on “somedomain.com“, he need not to login again to go to subdomain.somedomain.com. The same http session should be usable. I started off on the wrong foot by looking into the SpringSecurity plugin, which I had been using. But, later on, I found that this is to be done by configuring the Tomcat. The solution is to configure tomcat to recongnize session cookies from the subdomains. So all it takes is to modify element tomcat/conf/Context.xml to:
<Context sessionCookiePath="/" sessionCookieDomain=".yourdomain.com">
and you are good to go. The solution works for Tomcat version 6.0.27 and above.