Weblogic create new session on every request (SPNEGO enabled)
Sample test servlet that does:
HttpSession session = request.getSession();
out.println("Requested Session Id: " + HTMLFilter.filter(request.getRequestedSessionId()));
out.println("Current Session Id: " + session.getId());
If no authentication (security constraints are removed from deployment descriptors) - everything works fine, weblogic create session and keeps the same session in further requests.
If i add security constraints and enforce authentication - weblogic on every request create new session ID (meaning requested and current session are always different)
Weblogic 10 MP1, java 1.5.0_26
Here are deployment descriptors: