An error occurs when running multiple tomcat server instances on the same machine but on different ports and accessing them in parallel browser windows/tabs.
Cookies are stored only per hostname, but per default not per host+port name. This causes a conflict in session handling.
"Google's Browser Security Handbook says: by default, cookie scope is limited to all URLs on the current host name - and not bound to port or protocol information. and some lines later There is no way to limit cookies to a single DNS name only [...] likewise, there is no way to limit them to a specific port. (Also, keep in mind, that IE does not factor port numbers into its same-origin policy at all.)"
Name session cookie key differently for each tomcat instance on the same host.
on Tomcat 5/6
set System parameter org.apache.catalina.SESSION_COOKIE_NAME for each tomcat instance differently
on Tomcat 7
set sessionCookieName attribute for each Context differently (in context.xml in tomcat config folder)
(since Tomcat 7 org.apache.catalina.SESSION_COOKIE_NAME moved to an attribute on the main <Context> config - see http://tomcat.apache.org/migration-7.html#Session_manager_configuration)
Sample context declaration of instance1:
<Context path=... sessionCookieName="EccInstance1" ... />
Sample context declaration of instance2:
<Context path=... sessionCookieName="EccInstance2" ... />