In our application there might be a problem if the same user interacts with the system from multiple sessions. One solution could be to invalidate the older active session, if one exists, for a user who just logged in. But I think it would be better to just keep the older session active and use it for the new browser instance as well. That way the user can switch between the browsers and keep working.
I know that sessions can be stored in the ServletContext, probably in a map with the userid as the key, but I'm not sure how to tell the response and request objects to switch to a preexisting session. Request probably isn't necessary to switch, as the old session can be stored as an attribute and another attribute can tell
servlets and jsps to use that session. Response however must be changed. Maybe manual fiddling with the headers, or could there be some function?