1. You shouldn't be concerning yourself with the actual session IDs. They belong to the SERVER, not to the webapp. And the server can and WILL change the jsessionId value when it wants to and without informing the web application.
2. getSession(true) does not unconditionally create a new session/sessionID. What it does, is check to see if a session was ALREADY created. If so, it returns that existing HttpSession object. Only if no HttpSession object already exists will a new session be created.
When it comes to destroying a civilization, gas chambers cannot hold a candle to echo chambers.
Are you okay? You look a little big. Maybe this tiny ad will help:
how do I do my own kindle-like thing - without amazon