Hi there. I have the following problem occuring in my web application. I am using struts and I am using the url rewriting method for session maintenance, but when a timeout occurs the tomcat application server sets a cookie named jsessionid (used for session tracking purposes) with a new session id value before redirecting the user to the login page. This jsessionid cookie value does not match the previous session id, it is a new one.
When the user logs in again after the timeout, a new HttpSession object is created in the login process with a new session id, storing the user information in a variable in that HttpSession object. However, after the initial login process, the application server always gets the session from the id provided by the cookie created when the timeout occured, causing an error to occur because there is no user information in that session. The problem resides in the cookie created when the timeout occurs. Does tomcat create a cookie every time a timeout happens? I think this is a tomcat issue. Until now I've been unable to solve the problem and I haven't found a way to disable cookie session tracking in tomcat. Can anyone please help me solve this problem? Does tomcat always creates a jsessionid cookie when a timeout occurs or this just happens in my web app? And if this is a tomcat issue, how do I disallow this (if it is possible, anyway)? Regards, Luis Amorim
