Originally Posted by
_kurt
It is not related to SSL. It is just bad design. The user thinks they are using a web site, but the developer thinks they have written a single-window application. This is a pet peeve of mine when sites break standard functionality of the browser.
Most frameworks give you a single site session per browser session for free. It takes a little more effort to implement session-per-window.
Given other things in the design of AA.com, I kind of figured that this was the answer. The recent changes (well, not so recent now) made the site look quite a bit better, and appear more functional (and it is, for very standard uses), but they just did surface work and didn't deal with underlying problems. Not surprising.
Cheers.