An additional detail is that I think the problem only appears after I recently have done a sign out. In the sign out the cookie age value is set to zero and the session attribute removed and then the session is invalidated (so the removal of the session attribute is redundant code but anyway just in case the implementation of the session invalidation doesn't remove it).
-- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine-java/-/23Qs_CmkrdIJ. To post to this group, send email to google-appengine-java@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.