From: <glassfish_at_javadesktop.org>
Date: Thu, 18 Sep 2008 19:45:48 PDT
Just to summarize: I don't think there is any issue here. It is unfortunate that the resumed request will inherit (from the original request) a cookie with a JSESSIONID that does not match the currently active session (that was created by the FormAuthenticator when it forced a re-login), but as far as I can tell, the stale JSESSIONID cookie will not interfere with the currently active session in any way.