prevent generating new jsessionid?

greetings all my application uses spring framework,spring security 3.0.2 we use apache tomcat as app server the problem is that with each new request to the application a new jsessionid is generated and a new session is created so the user is logged out and that's weird,why generating new jsessionid,how to stop that? i reviewed the code,开发者_开发百科nothing is creating a new session? is it a framework problem or app server problem or what? your help is very appreciated. thank you.

Sounds like you're browser does not receive a valid JSESSIONID cookie (or is blocking it). You can check this by using Firefox with the webdeveloper plugin and check the cookies->view cookies information.

This can be caused by several things, for example: - you servlet server is behind a proxy and does not run on the same domain as you're website and thus creates cookies for a wrong domain (that thus are ignored by you're browser) - you're cookie path is incorrect and thus not available to the rest of the application.