How go I get access to httpsession using JAAS/JBOSS declarative login or authenticating users? Do I need write custom security interceptor? We are using JAAS login modules and have a requirement to create persistence cookies.
JAAS is not involved in the session id generation. You would need to create a custom org.apache.catalina.Manager implementation that changed the session id generation.