Thanks Jay, you are right. It is operating correctly. This does not mean it's doing what I want it to do.
. Actually, I have the answer to my question. Some guys on JGURU answered it for me. I thought I would share the info. What you need to do and I quote
"you need to keep your own unique token, in the request + response, not in the session. You put a hidden field (a "LouisSessionID") with a randomly generated id, in the form on the jsp. Your user submits the form, and you get the value for it in your form bean ("getLouisSessionID()") the form bean should be in request scope, not session scope).
You compare the incoming value with ones you have previously generated. You use this as your own private session-like reference, a key to some per-request data you maintain on your own.
Perhaps in your Action you check if the "LouisSessionID" has already been set, indicating this is part of an ongoing conversation. If already set, you use it as your key to lookup this LouisSession (distinct from HttpSessions which are shared among windows). If not set yet, you generate a new random one, and set it in the form bean, prior to displaying the JSP."
So thanks to all.
Louis
[ August 25, 2003: Message edited by: Louis - Jean Morisset ]