diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js
index 046843d60ec..19d6bd006dc 100644
--- a/ui/scripts/cloudStack.js
+++ b/ui/scripts/cloudStack.js
@@ -105,10 +105,10 @@
 bypassLoginCheck: function(args) { //determine to show or bypass login screen
 if (g_loginResponse == null) { //show login screen
 /*
- but if this is a 2nd browser window (of the same domain), login screen still won't show because $.cookie('sessionKey') is valid for 2nd browser window (of the same domain) as well.
- i.e. calling listCapabilities API with g_sessionKey from $.cookie('sessionKey') will succeed,
- then userValid will be set to true, then an user object (instead of "false") will be returned, then login screen will be bypassed.
- */
+ * Since we no longer store sessionKey in cookie, opening the
+ * 2nd browser window (of the same domain) will show login screen (i.e. user has to
+ * enter credentials again) and will cause the 1st browser window session timeout.
+ */
 var unBoxCookieValue = function (cookieName) {
 var cookieValue = $.cookie(cookieName);
 if (cookieValue && cookieValue.length > 2 && cookieValue[0] === '"' && cookieValue[cookieValue.length-1] === '"') {
@@ -117,7 +117,7 @@
 }
 return cookieValue;
 };
- g_sessionKey = unBoxCookieValue('sessionKey');
+ g_sessionKey = unBoxCookieValue('JSESSIONID');
 g_role = unBoxCookieValue('role');
 g_userid = unBoxCookieValue('userid');
 g_domainid = unBoxCookieValue('domainid');
@@ -226,9 +226,6 @@
 g_timezone = loginresponse.timezone;
 g_userfullname = loginresponse.firstname + ' ' + loginresponse.lastname;
- $.cookie('sessionKey', g_sessionKey, {
- expires: 1
- });
 $.cookie('username', g_username, {
 expires: 1
 });
@@ -324,7 +321,7 @@
 g_regionsecondaryenabled = null;
 g_loginCmdText = null;
- $.cookie('sessionKey', null);
+ $.cookie('JSESSIONID', null);
 $.cookie('username', null);
 $.cookie('account', null);
 $.cookie('domainid', null);
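Review bot: The new assignment `g_sessionKey = unBoxCookieValue('JSESSIONID');` in the hunk at -117 only yields a value when the container issues JSESSIONID without the HttpOnly flag, and the commit does not say which case is intended. With HttpOnly set the read returns nothing and `g_sessionKey` stays empty after a reload; without it the session identifier is readable by any script running in the page and, judging by the removed comment about calling listCapabilities with `g_sessionKey`, would then be passed on as the API session key. The rewritten comment in the first hunk says the key is no longer stored in a cookie, which does not match an assignment that still reads one. I would state the expectation next to the line, for example `// JSESSIONID is expected to be HttpOnly; this read is normally empty and the login screen is shown`, and confirm the server sets that flag. The body of bypassLoginCheck continues outside the hunk.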
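Review bot: `$.cookie('JSESSIONID', null);` in the hunk at -324 (and the identical line in the samlLoginAction hunk at -347) cannot be relied on to end the session, because a script can only clear a cookie that is not HttpOnly and whose path and domain match the ones it was set with, and no path is passed here. If the container scopes JSESSIONID to the application path or marks it HttpOnly, the call does nothing and the session stays valid until the server invalidates it. Whether a server-side logout request follows is not visible in either hunk, so I would add a comment such as `// best-effort only; the session is invalidated by the server-side logout call` and confirm that call exists on both paths. Both enclosing functions extend beyond their hunks.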
@@ -347,7 +344,7 @@
 },
 samlLoginAction: function(args) {
- $.cookie('sessionKey', null);
+ $.cookie('JSESSIONID', null);
 $.cookie('username', null);
 $.cookie('account', null);
 $.cookie('domainid', null);