On my web server I have an HTML file that contains an applet tag:

    <applet code="Hello.class" width="100" height="100" />

And I have a Java class file named Hello.class in the same directory as the HTML file.

Both of these files are running on a web server (IIS 6) whose host name is something like this:

I have two cookies in my browser:

  • CookieA - Scoped to
  • CookieB - Scoped to

When the HTML file is requested from the server, Fiddler shows that both of the above cookies are sent along with the request.

When the Java class file is requested from the server, Fiddler shows that only CookieA (scoped to is sent.

I need both cookies to be sent to the server. Is there a way to do this?

I'm seeing this behavior is Firefox 3.5.2 and IE 7.

I've tried to find the spec on which cookies are sent but turned up nothing since Java 1.3.


+2  A: 

The client-side Java plug-in always consults the browser to verify if a cookie needs to be sent in the request. Details of the cookie support in the Java plug-in are available in the Java deployment guide.

There is one situation though where cookies will not be sent, and that is when the web server has set the HttpOnly flag on the cookie. In such a case, the HTTP request for the applet class will not contain the cookie header, since the Java plug-in will not be able to access the cookie.

Vineet Reynolds
Vineet, I had the HttpOnly flag set on the cookies that weren't being sent. Removing that flag fixed my problem. Thank you very much!
Tim Stewart
You're welcome. Just faced the same problem a few weeks back.
Vineet Reynolds

The cookie for HTML file is sent by browser itself but the cookie for applet class file is sent by Java Plugin. So they often differ.

For browser, the only rule it uses is the domain name. Plugin has to factor in things as security policy and codebase. See this document for the details,

What's your codebase for the applet?

ZZ Coder
ZZ Coder, thank you for your reply. In this instance it was an issue of the HttpOnly flag being set.
Tim Stewart