I have a gadget on a parent webpage. I want to get the JSESSION ID in order to pass authentication of the current session from the javascript (I do not want to open a new session). document.cookies contains an empty string. On the other hand side when looking into the browser's cookie storage, I can find the JSESSION ID as HttpOnly. Is it possible to get this somehow in javascript? If not, can you please explain why? I read somewhere that jsession is a server side thing, how is it possible that the browser sees it?
No, you cannot get it, that is the whole point of HttpOnly. It tells the browser that a cookie should not be shared with scripts.
If the script for your widget is in the same domain as the website, it will use the cookies when it makes requests.