It could be caused by the useHttpOnly attribute of the context to
prevent cross-site scripting attacks.
HttpOnly cookies are not allowed to be passed to any client side script
or Plug-in - such as a java applet.
see e.g.
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html#Common_Attributes
So you have to
a) disable httpOnly cookies
b) pass a parameter into the applet with the sessionId and the applet
has to use this sessionId in the requests.
Michael
Am 06.07.2011 23:18, schrieb Pid:
On 06/07/2011 21:54, S Arvind wrote:
Hi All,
Web application presently running in the tomcat 6 which has applet
in it. In that applet we make a connection to server using URL class and get
some data from the server after it loads. In this process we got error after
updating to the tomcat 7. The problem is the session between the web
application and the applet varies which runs in the same browser tab. Dont
know why in tomcat 7 the applet request was considered as separate session
but instead in tomcat 6 bot are considered as same session request. Is there
any configuration changes for it?
Tomcat 7.0.x and later versions of 6.0.x change the session id after
authentication*. You can't rely on the session id remaining the same,
the applet will need to check for session id changes in the cookie (or url).
p
* In order to prevent some session hijacking attacks
