Hi suryadev,
For single sign on to work, you must have same database table which contains username and password for all the web applications.
Create a web service which has login method with two parameters username and password. This method authenticates user and returns user id and their respective role and login valid upto time.
If user is authenticated first time, update valid upto time for that user into database for which user will remain authenticated.
If authentication fails, login method should return false.
In each web applications, in webservice callable method, if user login is succeed, create a cookie which should be expired on validupto time return by webservice.
If user is validated from web application1 and cookie is created which is not going to expired for the next nth days as per validupto time.
Same user opens web application 2 who is not logged into web appliation2. Here you have to check whether login cookie is found or not, if not call the webservice.
Webservice will check that user's validupto is more than current time from db, so it will return user id and his respective role, validupto time directly without checking user's credentials.
So here again, cookie will be created based on validupto time returns by webservice which will expire on the same time as web application 1 cookie.
So the same user will remain logged into both web application 1 & 2 for the same time.
Once cookie is expired, user will be logged out from both web applications.
This way, you can use as many web applications as you want for Single Sign On.
Reference:
https://stackoverflow.com/questions/34239815/single-sign-on-for-already-existing-multiple-web-applications
