I am doing a programmatic security in J2EE.
siteA tries to access my siteB(J2ee) with a token appended in the URL.
In siteB, I verify the token. If it is good, I let him to access the requested page.
My question, where and how do I store the info that he was "authenticated" already? Then, if he accesses another page on siteB, I do not need verify the token anymore.