In the book "Head first JSP & Servlets", on page 275, they say:
Isn't it a flow from the point of view of security? Wouldn't it be better not to expose the information about the internal system of the server?the specification dictates that
the session tracking cookie
must be JSESSIONID.