We're having problems with users being timed out prematurely in our web application.
It happens sometimes, not always.
The timeout is random and the server assigns a NEW jsessionid to them.
It seems that Internet Explorer suddenly sends a new jsessionid in the cookie, or not send at all, so the server (tomcat) doesn't associate the request to the correct http session, and so the user lose his session data.
We have verified that the http session is still alive in that moment, so it doesn't happen as it has been invalidated.