Sessions are usually established by cookies which are sent using HTTP headers. A web browser that is asked by server to save a session cookie typically uses that for any subsequent requests: however, for any request that has happened in between, session information will not be present. Thus new sessions can be created in between.
Also, if a browser chooses to reject session cookies, you would get a new session created for every request. That's something that's beyond your control.
This behaviour is general to HTTP traffic/web browsing and not related to any specific product (e.g. Tomcat).