Session

 
Greenhorn
Posts: 13
  • Likes 1
Hello Sir...
I'm using JSP and Servlets in my application.
I need help to manually set my own ID for the session, i.e. JSESSIONID, so that I do not accept externally created sessions in my application...
Please provide help, tutorials and URLs...
 
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
Why do you need to subvert this behaviour? Are you in some sort of environment that does not pass the JSESSIONID (e.g. a load balancer)?
 
Suleman Kandagal
Greenhorn
Posts: 13
Thanks for your response...
The following is the reason why I have to set a JSESSIONID of my own.
ERROR
The same request was sent twice in different sessions and the same response was received.
This shows that none of the parameters are dynamic (session identifiers are sent only in
cookies) and therefore that the application is vulnerable to this issue.

Remediation
Do not accept externally created session
identifiers (Low) - Session Identifier Not Updated

Please provide some help as early as possible...
Thanking you...
 
Paul Sturrock
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
I'm not sure I understand that error. I can't think what identifies a request as the same request, and why this is an issue. I might just be being thick though. What is generating it?
 
Suleman Kandagal
Greenhorn
Posts: 13
My application was tested in IBM AppScan; after testing, it has shown these modifications... I have to handle these security issues and vulnerabilities, so...
 
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Likes 1
Imagine you fulfill a report and submit it. Then you go back, fulfill with the same data and re-send. Those requests will be the same.

The error says "The same request was sent twice in different sessions".
Maybe the problem is the same object in a lot of sessions.
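
The AppScan finding quoted in this thread ("Session Identifier Not Updated") is usually addressed by having the container issue a new JSESSIONID at login, rather than by setting one by hand. The following is an added example, not code from any poster in the thread; the class name, the `user`/`password` parameters, the `/home` path and the credential check are assumptions, and it assumes Servlet 3.0 or later.

```java
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical login servlet; parameter names and the /home path are assumptions.
public abstract class LoginServlet extends HttpServlet {
    // The application's real credential check goes here (assumption).
    protected abstract boolean credentialsAreValid(String user, String password);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("user");
        if (!credentialsAreValid(user, req.getParameter("password"))) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // The pre-login session ID is never reused for the authenticated user.
        HttpSession fresh = renewSession(req);
        fresh.setAttribute("user", user);
        resp.sendRedirect(req.getContextPath() + "/home");
    }

    // Invalidate the session the browser arrived with and let the container
    // generate a new one, carrying over the existing attributes.
    static HttpSession renewSession(HttpServletRequest req) {
        Map<String, Object> saved = new HashMap<String, Object>();
        HttpSession old = req.getSession(false);
        if (old != null) {
            Enumeration<String> names = old.getAttributeNames();
            while (names.hasMoreElements()) {
                String name = names.nextElement();
                saved.put(name, old.getAttribute(name));
            }
            old.invalidate();
        }
        HttpSession fresh = req.getSession(true); // new container-generated ID
        for (Map.Entry<String, Object> e : saved.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }
}
```

On Servlet 3.1 and later, `HttpServletRequest.changeSessionId()` replaces the body of `renewSession` with a single call that keeps the session's attributes and changes only its ID.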

 