Posted to users@tomcat.apache.org by S Arvind <ar...@gmail.com> on 2011/07/06 22:54:07 UTC

Tomcat 7 applet session problem

Hi All,
         Web application presently running in the tomcat 6 which has applet
in it. In that applet we make a connection to server using URL class and get
some data from the server after it loads. In this process we got error after
updating to the tomcat 7. The problem is the session between the web
application and the applet varies which runs in the same browser tab. Don't
know why in tomcat 7 the applet request was considered as separate session
but instead in tomcat 6 both are considered as same session request. Is there
any configuration changes for it?

Arvind S

"Many of life's failures are people who did not realize how close they were to
success when they gave up."
-Thomas Edison

Re: Tomcat 7 applet session problem

Posted by Michael Heinen <mh...@googlemail.com>.
It could be caused by the useHttpOnly attribute of the context to 
prevent cross-site scripting attacks.
HttpOnly cookies are not allowed to be passed to any client side script 
or Plug-in - such as a Java applet.

see e.g. 
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html#Common_Attributes

So you have to
a) disable httpOnly cookies
b) pass a parameter into the applet with the sessionId and the applet 
has to use this sessionId in the requests.

Michael


On 06.07.2011 23:18, Pid wrote:
> On 06/07/2011 21:54, S Arvind wrote:
>> Hi All,
>>           Web application presently running in the tomcat 6 which has applet
>> in it. In that applet we make a connection to server using URL class and get
>> some data from the server after it loads. In this process we got error after
>> updating to the tomcat 7. The problem is the session between the web
>> application and the applet varies which runs in the same browser tab. Don't
>> know why in tomcat 7 the applet request was considered as separate session
>> but instead in tomcat 6 both are considered as same session request. Is there
>> any configuration changes for it?
> Tomcat 7.0.x and later versions of 6.0.x change the session id after
> authentication*.  You can't rely on the session id remaining the same,
> the applet will need to check for session id changes in the cookie (or url).
>
>
> p
>
> * In order to prevent some session hijacking attacks
>


Re: Tomcat 7 applet session problem

Posted by Pid <pi...@pidster.com>.
On 06/07/2011 21:54, S Arvind wrote:
> Hi All,
>          Web application presently running in the tomcat 6 which has applet
> in it. In that applet we make a connection to server using URL class and get
> some data from the server after it loads. In this process we got error after
> updating to the tomcat 7. The problem is the session between the web
> application and the applet varies which runs in the same browser tab. Don't
> know why in tomcat 7 the applet request was considered as separate session
> but instead in tomcat 6 both are considered as same session request. Is there
> any configuration changes for it?

Tomcat 7.0.x and later versions of 6.0.x change the session id after
authentication*.  You can't rely on the session id remaining the same,
the applet will need to check for session id changes in the cookie (or url).


p

* In order to prevent some session hijacking attacks
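
The two suggestions in this thread (hand the session id to the applet, and watch for the id changing after authentication) combined in one client-side helper. This is an added example, not code from any poster or from Tomcat; the class name SessionAwareClient and the sample ids are assumptions, and JSESSIONID is Tomcat's default session cookie name.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpCookie;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Collections;
import java.util.List;
import java.util.Map;

/** Hypothetical helper (name is an assumption): keeps applet-side requests on the page's session. */
public class SessionAwareClient {
    private static final String COOKIE_NAME = "JSESSIONID"; // Tomcat's default session cookie name
    private volatile String sessionId;

    /** initialId is the value the page passed to the applet, e.g. via an applet parameter. */
    public SessionAwareClient(String initialId) { this.sessionId = initialId; }
    public String currentSessionId() { return sessionId; }

    /** Adopts a re-issued id, e.g. the new one the container sets after authentication. */
    void updateFrom(Map<String, List<String>> headers) {
        for (Map.Entry<String, List<String>> e : headers.entrySet()) {
            if (!"Set-Cookie".equalsIgnoreCase(e.getKey())) continue; // status line has a null key
            for (String line : e.getValue())
                for (HttpCookie c : HttpCookie.parse(line))
                    if (COOKIE_NAME.equals(c.getName()) && !c.getValue().isEmpty())
                        sessionId = c.getValue();
        }
    }

    /** GETs url with the current session cookie attached and returns the response body. */
    public byte[] get(URL url) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestProperty("Cookie", COOKIE_NAME + "=" + sessionId);
        try (InputStream in = conn.getInputStream()) {
            updateFrom(conn.getHeaderFields());
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[4096];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
            return out.toByteArray();
        }
    }
    public static void main(String[] args) {
        SessionAwareClient client = new SessionAwareClient("OLD-ID-CONSTRUCTED");
        // Constructed response headers: the server re-issues the session cookie.
        client.updateFrom(Collections.singletonMap("Set-Cookie",
                Collections.singletonList("JSESSIONID=NEW-ID-CONSTRUCTED; Path=/app; HttpOnly")));
        System.out.println(client.currentSessionId());
    }
}
```

An id written into the page as an applet parameter is readable by page script, which is the exposure the HttpOnly flag removes for the cookie itself.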