We have a JNLP program that makes a REST call to the server during its operations. Without the JNLP we can add the JSESSIONID as a cookie to the REST call and things work just fine.
But when we make the REST call from the JNLP it adds another JSESSIONID as a cookie and so the original JSESSIONID won’t get picked up. The web application is protected by Spring Security and also all the JARs required for JNLP get’s downloaded correctly and JNLP launched just fine, only the REST call is impacted. We add the following for all jar downloads: