sorry just wanted to comment one thing more: if this session appending is happening just the first time you hit the application (so you are without a cookie) in this case I think the servlet container is doing the right thing (it does not know you support cookies on first hit). This might cause problems to some web server (e.g. apache for mod_jk connector) to resolve urls.
I think this is all that comes to my mind given the informations you gave :-)
