application A accesses application B the same way client in a browser would. if we are talking about servlets/JSPs, you would open an URL connection to the servlet/JSP in application B, send a request and take the response. application A will run in its session created for the client who accessed the application A through the browser. application B will create its own session for application A which it views the same as if a user connected to application B via browser. it is the same thing. so each application will have its own session, application A will have a session open for a client who accessed it through the browser and application B will have a session it created for application A as client. as far as the data in the client browser, application A controls that. it decides what to do with the data it gets from application B which has absolutely no control over client's browser (unless you for the request to application B in which case the response of application B will go directly to client's browser).