Vaadin XS - Invalid security key received from x.x.x.x


I created a simple application “hello world” with integration of Vaadin XS add-on.
When i run application in tomcat , i have this message :
INFO: TestVaadinXs Application: Invalid security key received from

How to solve this problem ?

Thanks in advance,


What browser, which version of the add-on? The one is the Directory is terribly outdated. It don’t work anymore with e.g. latest Safari versions since Apple fixed the “security weakness” that Google famously used to overcome third party cookie restrictions. We used the same hack :slight_smile: The warning might come from that.

The version in the SVN should work much better. Keeps session data in UIDL requests so that cookies are not needed at all. It also has several other enhancements.


I have the same problem with glassfish, Firefox (version 20.0) and the vaadin-xs version is the one from SVN.

Is there any solution? Or any clue to solve this issue?