Hi, I have one applet that is loaded from a restricted (aka authorization required) zone in my webapp.

The problem is, when my applet open a HttpUrlConnection to the server to get some data the jvm is asking again for authorization (showing a window with username & password). I wanted the applet to share the session already authorized by the browser. I could pass the session cookie ID as a parameter to the applet, but putting it on the HTML seems insecure to me.

Is there any other way of doing this? I'm open to radically different alternatives, such as using JMS, if they solve this problem.