Attribute session-id-length of servlet-container:

/subsystem=undertow/servlet-container=default:read-resource-description[session-id-length]

does not work exactly the way its description says:

"description" => "The length of the generated session ID. Longer session ID's are more secure.",

When I change it's value to X, actual result value of servlet session ID is ((X + 2) / 3) * 4, see this line of code. I am not sure what is the reason of this (probably to get some close greater number that can be divided by 4?).

Please there should be either:

• changed code so result session ID has length that corresponds to what user set
• or update attribute description to explain user properly what is actually set

Note: here is the Jira for which this feature has been introduced into Wildfly.