How can I override the JSESSIONID created by the servers? I want my web application to maintain the session based on a session cookie created by me. Even if somebody is able to hack the jsession id created by the server, it should not be an issue with the application.
Even if somebody is able to hack the jsession id created by the server, it should not be an issue with the application.
Any session mechanism you create yourself will have the same vulnerability since the id will have to appear in a cookie or elsewhere in the request. There are better ways to be sure that you are talking to an authorized user.