In modern applications, web application may need to call some other web application on behalf of the connected users. There is three way to do it: the ugly and the smart.
The ugly consists to give the cookie value to the webapp 1 which use it in cookie header of its request. Since version 2.0, LLNG gives a better way to do it using tokens with limited scope.
Insert a header containing this value:
token( $_session_id, 'webapp2.example.com', 'webapp3.example.com' )
Webapp1 can read this header and use it in its requests in the X-Llng-Token
header. The token is build using the session ID and the list of authorized virtualhosts. The token is available only 30 seconds and only the listed virtualhosts.
Change handler type to “ServiceToken”. So it is able to manage both user and server connections. And that's all !