The story about Applet, Load balancer and HTTPONLY

Our application requires Load balancer stickiness (affinity).

We were investigating a problem that our Applet that was trying to connect to the application server behind a load balancer was having difficulties, it seems as if the request was routed to different App server without sticking to one app server

It was very interesting, all the web applications were working and 0nlt the applet failed

After few hours of investigation using Fiddler, we have found that the load balancer was configured to have the cookie set as HTTPONLY (very Secured).

The problem is that by declaring the cookie as HTTPONLY, it is not visible to JS but also to Applets.

Apparently Applets DO NOT support HTTPONLY cookies.

The key support element was to record a working session in the lab and a non working session on the customer environment and compare –> that way you can pinpoint the issue easily, even without knowledge.

Hope this saves you few hours