How to refresh JSESSIONID cookie after login

You will not refresh after but just before. When executing the login action first do:

HttpSession session = request.getSession(false);
if (session!=null && !session.isNew()) {
    session.invalidate();
}

Then do:

HttpSession session = request.getSession(true); // create the session
// do the login (store the user in the session, or whatever)

FYI what you are solving with this trick is http://www.owasp.org/index.php/Session_Fixation

Lastly you can disable automatic session creation and only create the session when you really need it. If you use JSP you do that by:

<%@page contentType="text/html"
        pageEncoding="UTF-8"
        session="false"%>
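
The invalidate-then-create sequence from the answer, placed in a complete login handler. This is an added example, not code from the original answer. It assumes a javax.servlet 3.0+ container with a security realm configured for request.login(); the servlet name, the form parameter names, the "user" attribute and the /home redirect are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical login servlet (added example, names are assumptions).
public class LoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // 1. Discard the session the browser arrived with. Its ID was issued
        //    before authentication and may be known to someone else.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }

        // 2. Create a fresh session; the container issues a new JSESSIONID.
        HttpSession session = request.getSession(true);

        // 3. Authenticate against the container's realm (Servlet 3.0 API).
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        try {
            if (username == null || password == null) {
                throw new ServletException("missing credentials");
            }
            request.login(username, password);
        } catch (ServletException e) {
            // Failed login: do not leave an empty session behind.
            session.invalidate();
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // 4. Only now bind the authenticated identity to the new session.
        session.setAttribute("user", request.getRemoteUser());
        response.sendRedirect(request.getContextPath() + "/home");
    }
}
```

On Servlet 3.1+ containers, request.changeSessionId() is an alternative that replaces the session ID while keeping the existing session attributes.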
