Security 1
Turning off the Session Fixation in Tomcat Since Tomcat 6.0.21 a mechanism called Session Fixation was introduced. By default it is turned on. Therefore it might cause problems, if some implementation is based on the SESSIONID.