Session cookie created

Session cookie jsessionid should be allowed contrary to recommended best practices.

Best practices typically recommend that a session cookie should not be created unless absolutely necessary (for example, when the user actually logs in). However, Mobile Portal Accelerator creates a jsessionid cookie for an anonymous user.

Based on the following, this creation of the session cookie is acceptable:

Portal requires the session for the Short URL support (for example, Portal stores the state in the session rather than the URL).
The MCS Device is placed for the user in the session so device recognition is not performed on every request.