I should assign unique JSESSIONID after authentication.
The JSESSIONID before authentication and after authentication should always be different.
So, how can I do this using Struts 2?
You should refer to following
http://nickcoblentz.blogspot.in/2008/09/jsessionid-regeneration-in-struts-2.html
Your class must implement SessionAware for this. There are 4 methods suggested for it .
One of them could be
((SessionMap)this.session).invalidate();
this.session = ActionContext.getContext().getSession();