1. If you open new browser with URL alone, it creates a new session id
yes...it is correct ...Because...if you are not sending sessionID then how will server recognize you...you have to send sessionID to server,here you told you are not sending it through URL(& if your cookie is disabled then server cannot identify you ),So,no sessionID to resognize the session, So it will create new SessionID thinking that you are asking for that resourse for the first time
2.If you refresh in the same browser, same session id is used
Here ,since you have already accessed the server , server have sent sessionId (may be appended to URL or store that in cookie...it depends whether u enabled\disabled cookie).....if it is written in URL then,when u press refresh button ,since you are having Session ID appended in URL..same session ID will be used(if time out has not elapsed)
3.If you open a new broser with URL appended jsessionid, same session id is used.
thats correct ..because server can identify you through Session id ,so no need to create another session id(ofcource if time out has not occured)....
[ July 24, 2006: Message edited by: harish thrivile ]