Thank you Mark, We have har files when the server is in error state, it shows that the jsessionid is sent in request.
*Is there a reverse proxy in the mix?* No. we directly access tomcat. *Are you using sessions at all* Yes, we are using the default tomcat session in debugger it says (org.apache.catalina.session.StandardSessionFacade) *That is just a single page and any page can potentially trigger session cre*ation. It is a multi page application we create and maintain our UserSession object, which is used to auth on subsequent requests. The application is working ok on many of our servers, but starts to generate jsessionid for every request once the server goes in the problem state. *It would be interesting to know if you need to clear both of these or whether clearing just one is sufficient to resolve the issue. That might narrow down potential root causes.* I have requested the team to restart without removing work/temp will update later in the week. *You could try attaching a profiler and recording object allocations. That should show you where/how sessions are being created.* I don't think that is possible for a production server, but if we can get a clue on how to reproduce this case. We have a SessionListener, will add logging to it. thanks, Hamdan
