Please see http://www.liferay.com/community/forums/-/message_boards/message/13908890 for details

I just examined my tomcat access log and I'm seeing the following:

On my first sign in attempt, which fails, I have this log entry:
76.118.185.83 - - [13/May/2012:09:19:24 -0400] "POST /home;jsessionid=E21D703049C3A24C1E825B1A162D5F76?p_auth=ZhsiMJe1&p_p_id=58&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin&_58_doActionAfterLogin=false HTTP/1.1" 404 654

On my second sign in attempt, which suceeds, I have this log entry
76.118.185.83 - - [13/May/2012:09:20:18 -0400] "POST /home?p_auth=ZhsiMJe1&p_p_id=58&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin&_58_doActionAfterLogin=false HTTP/1.1" 302 -

The placement of the jsessionid in the first attempt is the only difference I see.

These are the default settings around cookies in the portal.properties file:
#
# Set this to false to disable all persistent cookies. Features like
# automatically logging in will not work.
#
session.enable.persistent.cookies=true

#
# Set this to true to enable sessions when cookies are disabled. See
# LEP-4787. This behavior is configurable because enabling it can break
# certain setups.
#
session.enable.url.with.session.id=true

It seems like the session.enable.persistent.cookies=true is being ignored. I wonder if jsesion is hardcoded in some places by mistake. I see that there were issues with this in the past.

I googled liferay and jsessionid and see some tickets about this issue but they are for older version, but old bugs sometimes have a way of coming back and haunting you sometimes.

I think I just solved the problem by session.enable.url.with.session.id=false however this solution then forces my users to have cookies enbaled.