I found my problem. It was the placement of my call to encodeURL(). I had put it in the server-side code which we use to send the end-user to the approprate page. Assuming "url" contains the URL we want to forward the user to, we use a RequestDispatcher as follows: RequestDispatcher rd = request.getRequestDispatcher(response.encodeURL(url)); rd.forward(request, response); When done like this, the url never got encoded with the session ID. However, when I call the encodeURL() mehtod in the JSP code intead, it works. Thanks. ... Tim View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3969597#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...