Need to enhance security at web-app level.
As per current implementation:
- The cookie containing the session identifier is not secure
- The session identifier is transmitted in the query string of the URL
To fix these issue we have to add following session config otpions in web.xml
Also we need to update the web-app servlet specification from 2.3 to 3.0