Session lost on page refresh

Hello,

I have a webapplication deployed on WAS5.1;
it has a page that has to auto-refresh every 30 seconds.

To do so, i put two attributes on the incoming request for the page:

request.setAttribute("refresh_url", "my_url");
request.setAttribute("refresh_time", "30");

So far, so good. The page loads and refreshes every 30 seconds.

Is it required to "enable cookies" in the webcontainer? Then
everything works.
But then I have the problem that the user needs to shut down his
entire browser
to be sure that all session data is cleaned after logout.
If he does not, some data is still present in the session after a new
login
(from the browser cookie I guess?)

When I try the same without "enable cookies", my initial session gets
lost on page refresh.
(and a new one is created on every refresh).

Is there a way to maintain my initial session then?

I already tried:
- adding ";jsessionid=<THE_SESSION_ID_OF_THE_INITIAL_REQUEST>" to the
refresh_url
- getting the jsessionid cookie from the initial request and posting
this to the response

Many thanks!
Koen

Are you using instance variables somewhere and that is carrying over?

An object is saved in session.

Then, when I logout (session.invalidate())
and log in again (even with another user!),
the object is in session scope again.

I don't know alot about cookies..
How does this object get into session scope again?

Koen

I'm going to move this to our Websphere (WAS) forum.
I'm not very familiar with WAS but I've heard in passing that it has a proprietary mechanism for keeping sessions alive with cookies that is beyond what is in the servlet spec.

I could be wrong about this and the folks in the WAS forum will know better.