2014-03-06 0:30 GMT+04:00 Bill Davidson <bill...@gmail.com>: > The Java version wasn't it. Recompiled and redeployed with 1.7.0_25 > and it had no effect. > > The SSL handshake problem went away when we disabled TLS 1.1/1.2 in the > JCP on the client side and clicked "Restore Security Prompts" in the JCP. > > There was also a problem with JSESSIONID not being sent to the server > which was causing the applets call to the server to get a missing sesssion > exception. I don't know how that changes when it's the exact same jar > file that worked before. We put some code into the applet to force the > JSESSIONID to be sent and now it works; as long as TLS 1.1/1.2 are disabled. >
Session cookie is HttpOnly in Tomcat 7. If you missed that in migration guide, it is here: http://tomcat.apache.org/migration-7.html#Session_cookie_configuration > Sigh. We still haven't identified what caused this in the first place and > we're running out of ideas. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org