I've observed the same phenomenon. It's just a theory, but I suspect it might have to do with Internet Explorer 6 itself. I think Microsoft quietly changed IE6's default cookie-acceptance behavior to automatically reject all cookies from sites not meeting its criteria for auto-acceptance. Taking a wild guess, IE6 might now automatically reject cookies from sites accessed via IP addresses that don't resolve to a hostname.
Another possibility: a few years ago, when anti-cookie hysteria was being fanned by magazines eager to scare naive readers and people were disabling cookies for stupid reasons (like thinking a "malevolent cookie" could reformat their hard drive), Microsoft quietly introduced a special anonymous cookie-in-all-but-name ("session id") that persisted only for the duration of a single session (I think it even went away if you browsed to another site or were inactive for more than an hour), but could not be disabled (so IIS could depend upon its availability and use it to track users from page to page within the session and match the correct IIS session variables with the right user). I'm not sure whether Tomcat and other servlet containers take advantage of it (or whether they'd even be ABLE to without lying to the browser and pretending to be IIS), but I see two likely scenarios: 1) Tomcat (and other servlet containers) can't/don't use the special anonymous session ID, and IE6 is now denying session-cookies by default because something is triggering the behavior (non-resolvable IP, etc.) 2) Tomcat (and other servlet containers) DO use MSIE session IDs when available, but IE6 now denies even THAT to sites that fail to meet its criteria for acceptablity (possibly holding sites openly running a server other than IIS to a higher standard) >I was using Tomcat 3.2.1 and switched to Catalina 4.0.3 (both on Windows >2000). Now my browser (IE6.0 on Windows 2000) gets no cookies anymore. It >seems that the session management ist now handled using URL rewritting and I >don't know why. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>