Where lies the difference between Way 1 and Way 2 ?
In "Way 2", I only rename the SESSION_COOKIE_NAME and not the SESSION_PARAMETER_NAME, am I right? To rename the SESSION_PARAMETER_NAME, I also can use -Dorg.apache.catalina.jsessionid=SID, am I right?
Are there any disadvandtages to rename the default JSESSIONID/jsessionid to something else? The Tomcat Specifications says (http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html):"Note that the Servlet specification requires this to be jsessionid/JSESSIONID. You should not rely on being able to change this."What does this mean? Are there any disadvandtage to rename it? For example, broken authentication, security lacks or the like?