I did research with the suggestions of Stephan Evans and found out more. I created a small sample application to demonstrate.
I type the URL mysite.net and click on the button for Page 2. The session id is the same on the second page. I click on the link on the second page. Again on the third page I see the same session id.
After clearing the cache. I type the URL www.mysite.net and repeat the same steps as above. Now the session id on the third page is different.
So the only difference is in the first case I used mysite.net, and in the second case I used www.mysite.net. I am thinking this may be a security issue. Is this a situation where the browser won't retain a session id if it thinks it is going to another site via a link (i.e., www.mysite.net vs.
http://mysite.net/mypage.jsp)? Is everything fine when you use the URL mysite.net because the link is the same,
http://mysite.net/mypage.jsp?
IE and Firefox have the same behavior. These browsers must realize vorev.net and www.vorev.net are the same site. I must be missing something here. I can deploy the application if anyone wants to try it.
Thanks for your help.