Hi there. I have the following problem in my web application. I am using the url rewriting method for session maintenance, but when a timeout occurs in my web application, tomcat sets a cookie named jsessionid (used for session tracking purposes) with a new session id value before redirecting the user to the login page. This jsessionid cookie value does not match the previous session id, it is a new one, and is also different from the new one created in the (re)login process.
Why does this happen? Does tomcat always create a jsessionid cookie when a timeout occurs? And if this is a tomcat issue, how do I disallow this (if it is possible, anyway)? Regards, Luís Amorim
