It could be caused by the useHttpOnly attribute of the context to
prevent cross-site scripting attacks.
HttpOnly cookies are not allowed to be passed to any client side script
or Plug-in - such as a java applet.
see e.g.
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html#Common_Attributes
So you have to
a) disable httpOnly cookies
b) pass a parameter into the applet with the sessionId and the applet
has to use this sessionId in the requests.
Michael
Am 06.07.2011 23:18, schrieb Pid:
> On 06/07/2011 21:54, S Arvind wrote:
>> Hi All,
>> Web application presently running in the tomcat 6 which has applet
>> in it. In that applet we make a connection to server using URL class and get
>> some data from the server after it loads. In this process we got error after
>> updating to the tomcat 7. The problem is the session between the web
>> application and the applet varies which runs in the same browser tab. Dont
>> know why in tomcat 7 the applet request was considered as separate session
>> but instead in tomcat 6 bot are considered as same session request. Is there
>> any configuration changes for it?
> Tomcat 7.0.x and later versions of 6.0.x change the session id after
> authentication*. You can't rely on the session id remaining the same,
> the applet will need to check for session id changes in the cookie (or url).
>
>
> p
>
> * In order to prevent some session hijacking attacks
>
|