diff --git a/apps/susimail/src/WEB-INF/web.xml b/apps/susimail/src/WEB-INF/web.xml
index d5fa807a2661f089edc4017b0d1c6d5e49e6ced4..75aa1fd48458fa0c2eaac924a69196989af10900 100644
--- a/apps/susimail/src/WEB-INF/web.xml
+++ b/apps/susimail/src/WEB-INF/web.xml
@@ -15,6 +15,20 @@
   <session-config>
     <session-timeout>1440</session-timeout>
   </session-config>
+  <!-- tomcat (untested) -->
+  <context-param>
+    <param-name>crossContext</param-name>
+    <param-value>false</param-value>
+  </context-param>
+  <!-- jetty
+    -  This is required so the same session ID isn't shared with
+    -  the base context. When shared, it's expired after 30 minutes
+    -  in the base context which invalidates it in our context too.
+    -->
+  <context-param>
+    <param-name>org.eclipse.jetty.servlet.SessionCookie</param-name>
+    <param-value>SUSIMAILJSESSIONID</param-value>
+  </context-param>
 
 <!--
      Jetty 6 mulipart form handling
diff --git a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
index aaaef423fdd0d8117d9d0116190d5e1ebaae06ed..478e24126f4cd04075e2ab1f9f35cf24f6ba8e15 100644
--- a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
+++ b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
@@ -1280,13 +1280,13 @@ public class WebMail extends HttpServlet
 			int newState = sessionObject.state;
 			if (oldState != newState)
 				Debug.debug(Debug.DEBUG, "STATE CHANGE from " + oldState + " to " + newState);
-			if (oldState == STATE_AUTH && newState != STATE_AUTH) {
-				// this isn't working in web.xml, so try setting it here
-				int oldIdle = httpSession.getMaxInactiveInterval();
-				httpSession.setMaxInactiveInterval(60*60*24);  // seconds
-				int newIdle = httpSession.getMaxInactiveInterval();
-				Debug.debug(Debug.DEBUG, "Changed idle from " + oldIdle + " to " + newIdle);
-			}
+			// Set in web.xml
+			//if (oldState == STATE_AUTH && newState != STATE_AUTH) {
+			//	int oldIdle = httpSession.getMaxInactiveInterval();
+			//	httpSession.setMaxInactiveInterval(60*60*24);  // seconds
+			//	int newIdle = httpSession.getMaxInactiveInterval();
+			//	Debug.debug(Debug.DEBUG, "Changed idle from " + oldIdle + " to " + newIdle);
+			//}
 			
 			if( sessionObject.state != STATE_AUTH )
 				processGenericButtons( sessionObject, request );