When you create a JSP application from a WAR file in Unwired Accelerator, there is a check box labeled Single Sign On (SSO). If you do not select this option, the implications are:
The JSP application is invoked without any credentials passed to it.
If the JSP application has the directive <% page session="true" %> in the JSP page, a new HTTP session is created whenever the JSP application is invoked.
A cookie is sent back to the portal, but the cookie is not remembered. Therefore, any state stored within the HTTP session is lost.
Since the HTTP session does not go away quickly—the default is 30 minutes in EAServer—repeated use of the JSP application can create a severe memory drain to the system.
