views:

1461

answers:

2

I have a Java applet that runs inside a forms-authenticated aspx page. In the .NET 1.1 version of my site, the applet has access to the session cookie and is able to retrieve a file from the server, but in the .NET 2.0 version it fails to authenticate.

I have seen a couple of forum posts elsewhere that state that 2.0 sets cookies to HttpOnly by default, but the solutions given haven't worked for me so far. I also read somewhere that 2.0 may be discriminating based on user-agent.

Does anyone have any experience or insight into this?

A: 

A Session cannot be shared between Java, Asp, Asp.net, Php or such, not nativly that is However! If you have a database where you store the sessions, you can always use a session identification in a GET-url and therefore simulate cross-language-sessions.

So it fails because there's no session that can be mapped in asp.net which were set in Java. You can't even share session between old asp and asp.net.

Filip Ekberg
A: 

Filip's answer isn't entirely correct. I ran a program to sniff the HTTP headers on my workstation, and the Java applet does in fact present the ASP.NET authentication ticket in some circumstances - just not reliably enough for my needs.

Eventually I did find a solution to this, but it didn't entirely solve my problem. You can add an entry to the web.config in .NET 2.0: <httpCookies httpOnlyCookies="false" /> but this didn't work for all my users.

The long term solution turned out to be modifying the Java applet so that it doesn't need to retrieve anything from the web server.

Aidan
This changes the scenario and my answer still applies to your question. You might be confusing sessions with cookies..
Filip Ekberg