When the application creates a shared session by calling
flag, the client service creates a new session in the virtual machine (VM) only if there is not an already existing shared session for the given trusted application, and assigns a new session handle for the application. If a shared session already exists for the trusted application, the client service returns the existing session ID and adds the processInfo to the owners list.
The owners list (
) is limited to 20 owners.
When a shared session is created, all host applications that create a shared session send their data to the same instance of the trusted application.
When the application closes the session by calling
with the given session handle, the session in the VM stays alive to serve other applications.
To prevent security issues, the trusted application manifest contains the field applet.shared.session.support. During trusted application installation (after the firmware accepts the trusted application) the client service gets this field via GetAppletPropeties() and indicates, in the Applet manager, that users can create shared sessions . If the value of this field is false, the client service must fail with the appropriate error if the user tries to create a shared session.
Shared sessions can be used by multiple applications, but lack the ability to use Trusted Application-to-Host events.