Hey Chintahn , Its time for you to upgrade. I've been using Tomcat 5.0.16 which too is not the latest one. But
you should try upgrading from 3.3. As older containers might not handle session tracking correctly..
For example , I had an small application which took username from an html page and there was a logout page, Once the user clicks logout and clicks back , And again tries to logout, He gets a value Thankyou for loggingout "NULL".. This time it invalidated the name of the user in session. But for this you also need to use session.removeAttribute("NAME OF YOUR SESSION VARIABLE");
Try this and let me know if it works fine..