I'm trying a new approach to Servlets 4b. I'm calling session.invalidate() from somewhere in my servlet, but it doesn't work like I thought it would. In my book the text states that calling invalidate() on the session object removes all attributes including the jsessionID cookie. But when I look up the cookies, the ID is still there, and when I log in again thinking I'm opening a new session, the ID is the same as before. What's up with that?