Not possible unless you were to recompile Tomcat, why would you need to configure the length?
Thank You for reply!
I would like to config a stronger session id with capitals,lowercases,numbers and punctuation marks for the higher security. Is this unnecessary?
Length should be sufficient, I haven't seen any issues with security concerns over the actual JSESSIONID content wise, since it has a length of 32 characters, that should be plenty.