1. You shouldn't be concerning yourself with the actual session IDs. They belong to the SERVER, not to the webapp. And the server can and WILL change the jsessionId value when it wants to and without informing the web application.
2. getSession(true) does not unconditionally create a new session/sessionID. What it does, is check to see if a session was ALREADY created. If so, it returns that existing HttpSession object. Only if no HttpSession object already exists will a new session be created.
Bjoke: A "Bully Joke". A Statement or action made with malicious intent - unless challenged. At which point it magically transforms into "I was just funnin'" or "What's the matter, can't take a joke?"
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop