Session ID Management in Servlets

I am having some problems with my web app while doing a performance test with JMeter. My question is not only about JMeter, but about simple servlet session management.

So we have a web application where when you request a login page, it returns a "Session ID" in the response headers and is used for the subsequent request made by the browser. The session ID is passed along with the username and password, and authentication returns a new session ID and the session is maintained with that session ID. This is the use of cookies.

Now in JMeter we are using a threading approach for load testing. When I run threads in parallel, what happens is that each thread is requesting a login page and somehow only the last thread to request a login page is authenticated, as I feel like the next login page that comes with the new session ID in the cookie invalidates old or different session IDs.

It's encouraging that each thread is a different session and has its own cookie manager. This is pretty weird.

However my questions are:

  • Does it make sense to have a session ID from the login page? I see that maybe a session is created as soon as the app is accessed, but is that what sets the new session ID cookie? This app has already been written, so I'm just curious.

  • If every thread's session ID is overridden in JMeter, does that mean I can't properly distribute the separate cookie manager? Also, even if there are different sessions in the threads, is there a chance the old session ID or cookie will be dropped?

How would the server know if the session ID / cookie is invalid for subsequent requests? I am pretty sure it is not based on the IP address of the requestor, as different browsers will still allow me to open multiple concurrent sessions.

Any ideas, clarification and light on this matter would be much appreciated.

+2




2 answers


The server will just hang on to the session, which definitely sounds like you are writing cookies here.



Have you tried looking at how it is managed by including session IDs in the URL (simulating a browser with cookies disabled)? Does it work?

0




Has this been decided at all? I would say that having a session ID on the login page is rather unusual. A session is meant to store the server side of data and associate that data with connected users. Of course, there should be no data server side before authenticating the user.



0
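
The flow described in the question (a session ID issued with the login page, then replaced by a new one after authentication), modelled in plain Java as an added example that is not part of the original thread and not any servlet container's own code. `SessionStore` and its method names are hypothetical; the model assumes the server keeps a table keyed by session ID, and in it re-keying one client's session on login leaves the IDs held by other concurrent clients untouched.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.*;
// Added illustration: simplified model of a server-side session table.
// SessionStore and its method names are hypothetical, not a container API.
public class SessionRotationDemo {
    static final class SessionStore {
        private final Map<String, Map<String, Object>> sessions = new ConcurrentHashMap<>();
        private final SecureRandom rng = new SecureRandom();
        private String newId() { return new BigInteger(128, rng).toString(16); }
        // Login page requested: anonymous session, ID goes back in Set-Cookie.
        String create() {
            String id = newId();
            sessions.put(id, new ConcurrentHashMap<>());
            return id;
        }
        // Credentials accepted: re-key this one session; only its old ID dies.
        String rotateOnLogin(String oldId, String user) {
            Map<String, Object> data = sessions.remove(oldId);
            if (data == null) throw new IllegalStateException("unknown session ID");
            data.put("user", user);
            String id = newId();
            sessions.put(id, data);
            return id;
        }
        // Later requests: a cookie value is valid only while it is a key here.
        Optional<Object> userFor(String id) {
            Map<String, Object> data = sessions.get(id);
            return data == null ? Optional.empty() : Optional.ofNullable(data.get("user"));
        }
    }
    public static void main(String[] args) throws Exception {
        SessionStore store = new SessionStore();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        List<Future<Boolean>> results = new ArrayList<>();
        for (int i = 0; i < 8; i++) {
            String user = "user" + i; // constructed test accounts
            results.add(pool.submit(() -> {
                String preLogin = store.create(); // each client holds its own cookie
                String postLogin = store.rotateOnLogin(preLogin, user);
                return !store.userFor(preLogin).isPresent()
                        && store.userFor(postLogin).equals(Optional.of(user));
            }));
        }
        for (Future<Boolean> f : results) System.out.println(f.get());
        pool.shutdown();
    }
}
```

In a servlet container the equivalent re-keying step is `HttpServletRequest.changeSessionId()` (Servlet 3.1 and later), which keeps the session's attributes and replaces only its ID.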

