I have an app which works happily under v2.4.3 but under 3.0 RC1 consecutive requests to the servlet do not maintain the session id. I've checked my browser and it should be allowing any and all cookies. I don't have any role info coded, but the servlet authType is null, so that should not present a problem. Any ideas anyone?