Newbie problem with Sessions

[Derek Clarkson <De...@lonelyplanet.com.au>]

Hi guys,
Not sure if I'm in the right list for this ;-)

I'm trying to debug an application which has basically been cobbled together
by a number of previous programmers using a mix of servlets, jsp and struts.
The app also uses 3 contexts - 2 normal and 1 secure via apache. The problem
is this, if I log on and setup some stuff on the main site, the software
uses the same session through out. Security is done but storing a user
object in the session. If I then perform a CC transaction which requires the
secure server to be used and then come back to the main server, the session
is "lost" and the system insists I logon again. Then every time I try to
access a page it keeps creating new sessions and insisting I relogon. This
only seems to happen after I access the secure server. I have to restart the
browser to get everything working again.

I've logged the session ids which is how I tell when it starts accessing
different sessions. The software appears to have originally been written to
use cookies, but whilst they are stored, they are not used anywhere. 

Questions:
1. If the software creates and stores a cookie, but never actually retrieves
it, can this effect the session ? I've read something about cookies
controlling sessions, but I don't know how this works.

2. What sort of things will cause a server to start a new session ? 

Any help much appreciated.

Ciao
Derek.