I encountered a problem with sessions and cross context calls. Here is a scenario: We have to webapps (webapp1 and webapp2). webapp1 is configured with cross contex set to true so it is able to dispatch to webapp2. Now user access webapp1 and webapp2. Two sessions are created for both webapps. request.getSession in webapp1 returns session1 request.getSession in webapp2 returns session2 Problem is during dispatching request from webapp1 to webapp2, because request.getSession in webapp2 does not return session2, but only for request which is dispatched from webapp1. all the following request which are not cross context again return session2, so session is not lost. Tomcat 5.0.x works fine when dispatching cross context requests (two separate sessions are maintained for each webapp).
5.5.x maintains two separate session objects although they do have the same ID. I have also confirmed that session attributes are not visible across contexts. I do not see anything in the current behaviour that goes against the requirements of section SRV.7.3 of the servlet specification. I am therefore closing this as INVALID.