TomcatExpert: Session Fixation Protection
The TomcatExpert site has a new article by Mark Thomas describing the new session fixation protection features built into Tomcat 7 (and more current versions of Tomcat 6). It explains what the protection is, what it is used for, and how to disable it if necessary (although it should not be turned off unless absolutely necessary). Check it out!