I have narrowed the problem down to a class called JBossManagerCMP in the org.jboss.web.tomcat.tc5.session package. The problem seems to be that JBoss is writing out a cookie when the session is created. Is there a workaround for this, since the cookies are stored in the header and the apache server we use as a proxy won't re-write headers? Preferably I would like to use only the session id for mapping sessions. Which config file would I need to start looking in to replace this session component?