when adding below line in jbossweb.sar/context.xml

<SessionCookie secure="true" httpOnly="true" />

the JSESSIONID cookie valu changes in subsequent requests, resulting to weired session related issues (no sessions maintained et all), i tried to google for info on this line, but didn't found anything concrete.

can some ont throw some light on this line?