I'm reposting a response to a CFTalk thread because my reply was too long and got bounced back with a warning that I should have truncated previous messages in the thread, although I did.


CFTalk Thread: J2EE SessionID with CFMX6.1 and Applets

"I must have interpreted your original inquiry to mean that you wanted to have the applet duplicate the server session scope in its own applet memory space.

Instead, it sounds like you just want to share the session scope from the applet such that if the applet makes an http call to the ColdFusion server and the applet passes the appropriate session id tokens that the server will see the applet and the browser as one and the same session. Yes, this can be done so long as the applet sends the session token back to the server with each response.

Example follows of HTTP Request and Response from a browser having cookies disabled and a server using CF J2EE Sessions and links using URLSessionFormat( )."




1st HTTP Request/Response, Session Starts



GET /test/ HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: serat03:8102
Connection: Keep-Alive

HTTP/1.0 200 OK
Set-Cookie: CFID=300;expires=Fri, 23-Jun-2034 15:04:34 GMT;path=/
Set-Cookie: CFTOKEN=17617117;expires=Fri, 23-Jun-2034 15:04:34 GMT;path=/
Set-Cookie: JSESSIONID=0230234380700$14H$5F$TR;path=/
Date: Wed, 30 Jun 2004 15:05:07 GMT
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Server: JRun Web Server
{data here ... }



In the above, the session was started and 3 session tokens were set, CFID, CFTOKEN, JSESSIONID as session-level cookies.



2nd HTTP Request/Response, Session Exists


GET /test/index.cfm;jsessionid=0230234380700$14H$5F$TR HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://serat03:8102/test/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: serat03:8102
Connection: Keep-Alive
Cookie: CFID=300; CFTOKEN=17617117; JSESSIONID=0230234380700$14H$5F$TR

HTTP/1.0 200 OK
Date: Wed, 30 Jun 2004 15:05:53 GMT
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Server: JRun Web Server
{data here ... }



In the above, the browser returned the session-level cookies in the header and the JSESSIONID was passed in the URL because this example was using URLSessionFormat around links.





3rd HTTP Request/Response,
Initiated in browser with Copy/Paste of URL
Session Exists and is Shared from 2nd browser



GET /test/index.cfm;jsessionid=0230c35fd150$AD$A7$9TR HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: serat03:8102
Connection: Keep-Alive
Cookie: CFID=300; CFTOKEN=17617117

HTTP/1.0 200 OK
Date: Wed, 30 Jun 2004 15:07:24 GMT
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Server: JRun Web Server
{data here ... }


In the above 3rd Rq/Resp pair, I copied the URL, opened a new browser and pasted it in. This new browser would normally be assigned a new session if the JSESSIONID was not used on the URL, but since it was this new browser was able to share the session of the first browser (note the JSESSIONID was accepted and a new one was not reset by the server response).

In fact, I copied the URL to a new browser on a different machine which already had different CFID/CFTOKEN but I pasted the same URL with JSESSIONID and I was able to share the same session from another machine. To me, this demonstrates that the J2EE Session can be shared between multiple HTTP clients on multiple locations, and this should hold true whether the client is an applet or a browser.