Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SingleSignOn.java =================================================================== RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/integration/security/SingleSignOn.java,v diff -u -r1.4 -r1.5 --- lams_common/src/java/org/lamsfoundation/lams/integration/security/SingleSignOn.java 26 Oct 2011 17:47:34 -0000 1.4 +++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SingleSignOn.java 19 Jan 2012 18:36:15 -0000 1.5 @@ -84,6 +84,7 @@ break; } } + if (cookie == null) { // if (log.isDebugEnabled()) // log.debug(" SSO cookie is not present"); 
@@ -100,25 +101,25 @@ // log.debug("principal - " + p.getName()); register(cookie.getValue(), p, Constants.FORM_METHOD, username, password); } - SingleSignOnEntry entry = lookup(cookie.getValue()); - if (entry != null) { -// if (log.isDebugEnabled()) -// log.debug(" Found cached principal '" + entry.getPrincipal().getName() -// + "' with auth type '" + entry.getAuthType() + "'"); - request.setNote(Constants.REQ_SSOID_NOTE, cookie.getValue()); - // Only set security elements if reauthentication is not required - if (!getRequireReauthentication()) { - request.setAuthType(entry.getAuthType()); - request.setUserPrincipal(entry.getPrincipal()); - } - } else { + SingleSignOnEntry entry = lookup(cookie.getValue()); + if (entry != null) { // if (log.isDebugEnabled()) + // log.debug(" Found cached principal '" + entry.getPrincipal().getName() + // + "' with auth type '" + entry.getAuthType() + "'"); + request.setNote(Constants.REQ_SSOID_NOTE, cookie.getValue()); + // Only set security elements if reauthentication is not required + if (!getRequireReauthentication()) { + request.setAuthType(entry.getAuthType()); + request.setUserPrincipal(entry.getPrincipal()); + } + } else if (!request.getRequestURI().endsWith(Constants.FORM_ACTION)) { + // if (log.isDebugEnabled()) // log.debug(" No cached principal found, erasing SSO cookie"); deregister(cookie.getValue()); - cookie = new Cookie(cookie.getName(), ""); - cookie.setPath("/"); - cookie.setMaxAge(0); - response.addCookie(cookie); + cookie = new Cookie(cookie.getName(), ""); + cookie.setPath("/"); + cookie.setMaxAge(0); + response.addCookie(cookie); } // Invoke the next Valve in our pipeline Index: lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java =================================================================== RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java,v diff -u -r1.19 -r1.20 --- 
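Review bot: The new `else if (!request.getRequestURI().endsWith(Constants.FORM_ACTION))` branch no longer deregisters or erases an SSO cookie that has no cached entry when the request is a login-form submission, and the context line above it shows `register(cookie.getValue(), p, Constants.FORM_METHOD, username, password)` binding a principal to that same cookie value. If the value can be one the client presented before authenticating, the identifier survives login unchanged, which is the condition session-fixation defences exist to prevent. Consider issuing a fresh server-generated SSO id once authentication succeeds, rather than exempting the URI from cleanup. The branch also has no explanation; a comment such as `// keep the SSO cookie on the form-login POST: <reason the entry may be missing here>` would stop the exemption from being read as an oversight. The enclosing method starts and ends outside the hunk, so the condition guarding `register` is not visible here.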
lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java 22 Jan 2010 05:02:07 -0000 1.19 +++ lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java 19 Jan 2012 18:36:15 -0000 1.20 
@@ -176,26 +176,29 @@ public static void startSession(ServletRequest req, ServletResponse res) { Cookie ssoCookie = findCookie((HttpServletRequest) req, SystemSessionFilter.SSO_SESSION_COOKIE); String currentSessionId = null; - if (ssoCookie != null) { + + if (ssoCookie == null) { + currentSessionId = (String) new UUIDHexGenerator().generate(null, null); + // create new session and set it into cookie + createSession(currentSessionId); + ssoCookie = createCookie((HttpServletResponse) res, SystemSessionFilter.SSO_SESSION_COOKIE, + currentSessionId); + SessionManager.log.debug("==>Creating new " + SystemSessionFilter.SSO_SESSION_COOKIE + " - " + + ssoCookie.getValue()); + } else { currentSessionId = ssoCookie.getValue(); Object obj = getSession(currentSessionId); - //log.debug(ssoCookie.getName() + " cookie exists, value " + currentSessionId); + // log.debug(ssoCookie.getName() + " cookie exists, value " + currentSessionId); // if cookie exists, but session does not - usually means session expired. 
// delete the cookie first and set it to null in order to create a new one if (obj == null) { - log.debug(SystemSessionFilter.SSO_SESSION_COOKIE + " " + currentSessionId + log.debug(SystemSessionFilter.SSO_SESSION_COOKIE + " " + currentSessionId + " cookie exists, but corresponding session doesn't exist, removing cookie"); - removeCookie((HttpServletResponse) res,SystemSessionFilter.SSO_SESSION_COOKIE); - ssoCookie = null; + removeCookie((HttpServletResponse) res, SystemSessionFilter.SSO_SESSION_COOKIE); + currentSessionId = null; } } - if (ssoCookie == null) { - currentSessionId = (String) new UUIDHexGenerator().generate(null, null); - // create new session and set it into cookie - createSession(currentSessionId); - ssoCookie = createCookie((HttpServletResponse) res, SystemSessionFilter.SSO_SESSION_COOKIE, currentSessionId); - SessionManager.log.debug("==>Creating new " + SystemSessionFilter.SSO_SESSION_COOKIE + " - " + ssoCookie.getValue()); - } + Cookie cookie = findCookie((HttpServletRequest) req, SystemSessionFilter.SYS_SESSION_COOKIE); if (cookie == null) { @@ -206,7 +209,7 @@ session.invalidate(); } } - + setCurrentSessionId(currentSessionId); // reset session last access time SessionVisitor sessionVisitor = getSessionVisitor();
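Review bot: In the rewritten `obj == null` branch of `startSession`, `currentSessionId = null;` replaces `ssoCookie = null;`, so a request that arrives with an expired SSO cookie no longer gets a new session and reaches `setCurrentSessionId(currentSessionId)` in the next hunk with a null id. If that is deliberate (for example to avoid sending a remove and a create `Set-Cookie` for the same name in one response), say so with a comment like `// expired cookie: no shared session for this request, a new one is created on the next request`, and confirm that the code after the hunk tolerates a null id. Separately, the added `log.debug` lines write the cookie's session id to the log, including the newly created live one; logging a truncated or hashed form would keep the identifier out of log files. The id itself comes from `new UUIDHexGenerator().generate(null, null)`; if this is Hibernate's generator, its output is derived from host address, time and a counter rather than a CSPRNG, so a `SecureRandom`-based token would be the safer source for a session identifier.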