J2EE Misconfiguration: Insufficient Session-ID Length

The J2EE application is configured to use an insufficient session ID length.