It sounds like you need to introduce some Session Management and/or page expiry (e.g. When should a session expire), here is a link to an introduction on sessions in Java, hopefully that helps get you started!
This is a client side issue, so I don't think any server software will solve it. If I interpret it correctly, then the question is about why a new window transmits cookies that were set in a different window. Different browsers handle this in different ways, so there may not be much that the web app can do about it.
Why is the behavior you describe a problem? Why should a user need to log in twice just to run an application in two windows? [ September 30, 2008: Message edited by: Ulf Dittmer ]