On 06/07/2011 21:54, S Arvind wrote: > Hi All, > Web application presently running in the tomcat 6 which has applet > in it. In that applet we make a connection to server using URL class and get > some data from the server after it loads. In this process we got error after > updating to the tomcat 7. The problem is the session between the web > application and the applet varies which runs in the same browser tab. Dont > know why in tomcat 7 the applet request was considered as separate session > but instead in tomcat 6 bot are considered as same session request. Is there > any configuration changes for it?
Tomcat 7.0.x and later versions of 6.0.x change the session id after authentication*. You can't rely on the session id remaining the same, the applet will need to check for session id changes in the cookie (or url). p * In order to prevent some session hijacking attacks
signature.asc
Description: OpenPGP digital signature
