Ok, so I'm not going nuts. Here's what I'm doing: Apache front end to the site JBoss portal (routed by apache) Legacy app in Iframe portlet on another jboss server. Just trying to make sure that the portal session doesn't stomp on the legacy apps session. It looks like jboss is tolerant of this (reusing the cookie if it exists) but I'm not sure yet. Thanks, Jaon View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3963172#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...