The application was then deployed on some production-like environment with Apache server as a front end. So far, so good... Not exactly.
I discovered that I have no session! The problem lies in my webapp (I could rewrite jsessionid in the URLs) as well as in the Apache configuration (the latter is more annoying). The problem was that the cookies were not forwarded to and from the Tomcat server - but why?! It should be the default behavior but it is not, unfortunately.
Solution is quite simple but requires some non-zero knowledge of the Apache server configuration - that sucks! I'm not an Apache admin but a software developer. Anyway here is the solution: link
REMEMBER: Always check whether session ID is stored in a cookie or you need to rewrite jsessionid in the URL - see encodeURL