I've seen some browsers (Netscape) truncate the query string portion of an action URL in the <form> tag:
<form action="http://target.com/servlet?param=val"; ...>
such that the target servlet receives the HTTP request without "param=val", but
that's usually with method="GET".
Perhaps you should check the log to see if the session cookie is being set and
returned by the POST.
