Session persistence is not supported in WebSphere Application Server - Express.
During application development, modify session-related APIs as needed. Some API changes are required in order to redeploy existing applications on WebSphere Application Server - Express. These include changes to the HttpSession API itself as well as issues associated with moving to support for the Servlet 2.3 specification. Certain Servlet 2.1 API methods have been deprecated in Servlet 2.3 API. These deprecated APIs still work in WebSphere Application Server - Express, but they may be removed in a future version of the API. Changes are summarized in the following list:
Replace instances of putValue() with setAttribute()
During application development, modify Web application behavior as needed. In accordance with the Servlet 2.3 specification, HttpSession objects must be scoped within a single Web application context; they may not be shared between contexts. This means that a session can no longer span Web applications. Objects added to a session by a servlet or JSP in one Web application cannot be accessed from another Web application. The same session ID may be shared (because the same cookie is in use), but each Web application has a unique session associated with the session ID. WebSphere Application Server - Express provides a feature that can be used to extend scope of a session to enterprise application.
Use administrative tools to configure Session Manager security settings as needed. Relative to session security, the default Session Manager setting for Integrate Security is now false. This is different from the default setting in some earlier releases.