Use case:
I have two web applications running on Tomcat, deployed on two different machines. One of my applications is a parent and the other is a child. I log in to my parent application, and by hitting a link on one of the pages of the parent application I send a browser request to my child application, which opens one of its pages in a separate browser window. In this scenario I would want both of my applications to share the same timeout value and behave like one complete application.
Scenarios to handle:
- If I log out from my parent app, my child app should also get logged out
- If I close the parent window, the parent should get logged out along with the child
- If I close the child window, the child should get logged out and the parent should remain logged in
- If both windows are closed, both parent and child should get logged out
Solution:
- Set the parent session timeout to some value, say 30 mins
- Create a REST service on the parent, let's say "parentisAlive()"
- Create a REST service on the child, let's say "childisAlive()"
- Create session listeners on parent and child
- Each of the session listeners would invoke its respective REST service
- The REST services would talk to each other based on their own application's sessionID
- The parent would persist (memory/DB) the child's sessionID and vice versa
- Each application's session listener would get activated when its timeout value reaches a specific value, say 20 mins
- The session listeners would invoke the respective REST service, which will be responsible for syncing each other's session timeout value
Can anyone please suggest whether this would be a good solution to implement session synchronization? Does anyone see any flaw in this?
Tomcat's Single Sign On valve will handle most of your needs. But if you close a browser window the sessions will still remain, as long as at least one window or tab is open.
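
The four scenarios and the shared 30 minute timeout from the question, modelled as an in-memory registry; this is an added example, not code from either poster and not Tomcat's API. Assumptions: the class and method names are hypothetical, the pair is linked by a random token rather than by either application's session ID (so no session ID has to leave its own application), and each application's session listener and REST service would be what calls `end` and `touch`.

```java
import java.security.SecureRandom;
import java.util.*;

public class LinkedSessions {
    enum Side { PARENT, CHILD }
    static final long IDLE_MS = 30 * 60_000L; // 30 mins, the value from the post
    private final Map<String, EnumSet<Side>> live = new HashMap<>(); // token -> sides logged in
    private final Map<String, Long> lastSeen = new HashMap<>();      // token -> last request (ms)
    private final SecureRandom rng = new SecureRandom();

    // Opening the child window links both sessions under a random token (assumed, not a session ID).
    String link(long now) {
        byte[] raw = new byte[16];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        live.put(token, EnumSet.allOf(Side.class));
        lastSeen.put(token, now);
        return token;
    }

    // True while this side is logged in and the shared idle clock has not run out.
    boolean isLive(String token, Side side, long now) {
        Long seen = lastSeen.get(token);
        if (seen == null) return false;
        if (now - seen >= IDLE_MS) { end(token, Side.PARENT); return false; }
        return live.get(token).contains(side);
    }

    // A request on either application refreshes the one timeout both share.
    void touch(String token, Side side, long now) {
        if (isLive(token, side, now)) lastSeen.put(token, now);
    }

    // Logout or window close: ending the parent ends the pair, ending the child only the child.
    void end(String token, Side side) {
        if (!live.containsKey(token)) return;
        if (side == Side.PARENT) { live.remove(token); lastSeen.remove(token); }
        else live.get(token).remove(Side.CHILD);
    }

    public static void main(String[] args) {
        LinkedSessions reg = new LinkedSessions();
        String a = reg.link(0), b = reg.link(0), c = reg.link(0);
        reg.end(a, Side.CHILD);                  // child window closed
        reg.end(b, Side.PARENT);                 // parent logout or window close
        reg.touch(c, Side.CHILD, 20 * 60_000L);  // activity in the child at minute 20
        System.out.println("a parent=" + reg.isLive(a, Side.PARENT, 1000) + " child=" + reg.isLive(a, Side.CHILD, 1000));
        System.out.println("b child=" + reg.isLive(b, Side.CHILD, 1000));
        System.out.println("c parent@40min=" + reg.isLive(c, Side.PARENT, 40 * 60_000L) + " parent@51min=" + reg.isLive(c, Side.PARENT, 51 * 60_000L));
    }
}
```

It runs as a single file with `java LinkedSessions.java` on Java 11 or later.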