Thankyou bear. You nudged me in the right direction, and now my login servlet is working like a dream.
I will describe how what I did, for the benefit of others.
It turns out that the servlet generated from the JSP does work correctly, in exactly the same way as the JSP. I was being stupid and looking at the wrong URL while testing it.
I only noticed this while doing as you suggested and checking if I was dealing with the same session object. I did this by doing a toString on both the session object and the bean object, to compare the object IDs. (Is that what you meant? Probably there is some better way to test this)
You said it was harmless but unnecessary to set the bean back to the session with the session.setAttribute("icClient", icClientBean); line. So I tried taking this out. In fact I had suspected this already, and had tried it before.
The resulting effect is that the login servlet works, and re-logs-in sucessfully after going to a 'logout.jsp' (which does session.invalidate). But then it breaks in the other two cases: if the session is destroyed because the server is re-booted, or if the session times out.
Then it ocurred to me that these two cases are where the bean is null and therefore must be re-created. So the fix which nailed this problem was to set the bean back to the session, only
at the top in position shown here:
So it seems 'harmless but unnecessary' was not entirely correct. Calling session.setAttribute("icClient", icClientBean) was actually breaking the connection. In the absence of this call at the bottom, the connection persisted correctly. (something to do with serialisation?)
However it is
necessary to make this call at the top, if the bean was found to be null in the session. Which seems obvious now that I look at it
I can't believe it finally works just by moving that line. Thanks for your help with getting to the bottom of this!