<init-param> <param-name>crossDomainSessionSecurity</param-name> <param-value>false</param-value> </init-param>