Of course, I not disabled cookies in Tomcat and my program invokes session.getAttribute() and session.setAttribute(), but the program not creates/reads cookies.
So, I will think about (2), if another appl on my server might be setting cookies in the root path... By the way how I can check that? -- Evgeny Javadesk Some questions that might help: 1) Do you have cookies turned off completely on all of your contexts? That means that you should be seeing ;jsessionid= in any of your URLs unless they are just hard coded html urls, right? In other words, if you use response.encodeURL() for links, you should have the jsessionid added to the URL. Are you doing nothing with sessions? session.getAttribute(), or setAttribute() ? You couldn't truly be doing anything with them if you really have cookies turned off. If you do have no session cookie, then either you have jsessionid in all of your request URLs, or else you are creating a new session on every request... you could try System.out.println(session.getId()) to see if you are getting a new session everytime or reusing an old one. 2) Are there other apps at your domain that might be setting cookies in the root path, and tomcat just happens to be trying to load them? Daniel Gibby __________________________________ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]