On 06/07/2011 21:54, S Arvind wrote:
> Hi All,
> Web application presently running in the tomcat 6 which has ap=
plet
> in it. In that applet we make a connection to server using URL class an=
d get
> some data from the server after it loads. In this process we got error =
after
> updating to the tomcat 7. The problem is the session between the web
> application and the applet varies which runs in the same browser tab. D=
ont
> know why in tomcat 7 the applet request was considered as separate sess=
ion
> but instead in tomcat 6 bot are considered as same session request. Is =
there
> any configuration changes for it?
Tomcat 7.0.x and later versions of 6.0.x change the session id after
authentication*. You can't rely on the session id remaining the same,
the applet will need to check for session id changes in the cookie (or ur=
l).
p
* In order to prevent some session hijacking attacks
|