java - GAE Session id mismatch -

i running issue gae , session management.

i have endpoint creates , stores user information in session upon successful login.

however, unable retrieve information on client side. 1 thing i've noticed jsessionid , gae session id being different.

session being created in google's datastore said, id differs 1 on client side (jsessionid).

i have tested using servlet instead of endpoints , works charm... did in order pinpoint root cause downsize code basic example (see below).

any idea root cause is? appreciate help. thanks.

gae endpoint

@apimethod(name = path.operationurl.test, path = path.operationurl.test, httpmethod = httpmethod.post) public response test(httpservletrequest request) throws databaseexception {     string name = request.getparameter("name");     string pwd = request.getparameter("pwd");      //creating session     httpsession session = request.getsession();     session.setattribute("name", name);     session.setattribute("pwd", pwd);     session.setattribute("sessionid", session.getid());       return new response(status.success, "session created...." + session.getid()); } 

jsp page

<%@ page pageencoding="utf-8" %> <%@ page session="false" %> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <!doctype html> <html> <head> <meta charset="us-ascii"> <title>login page</title> </head> <body>  <button type="submit" onclick="callendpoint();">click</button>  <p>username: ${name}</p/><br> <p>pwd: ${pwd}</p>  <script> function callendpoint(){     gapi.client.userendpoint.test().execute(function(resp) {         if(resp.status === 'success'){             alert(resp.message);         }else{             alert(resp.message);         }     }); } </script> <script> function init() {     var location = window.location.origin;     gapi.client.load('userendpoint', 'v1', null, location+'/_ah/api'); } </script> <script src="//apis.google.com/js/client.js?onload=init"></script> </body> </html> 

well root problem endpoints aren't handled app directly. go through google's architecture first that's why getting inconsistent jsessionids servlet request being dispatched endpoint request coming form somewhere else.

what use endpoints return "token" result of successful login, send token (header) on every request client side , fetch session based on token. using objectify's @cache aggressively cache sessions info no changed often, use authorization , authentication purposes.