Session Hijacking Prevention

[ChakshuGautam]

I wanted to prevent users from getting the sessionID and using them on non logged in browsers. I have added the following

req.getSession(false).setMaxInactiveInterval(1); // To prevent session hijacking.

snippet here to discard cookies after one second.

aggregate/src/main/java/org/opendatakit/common/security/server/SecurityServiceImpl.java

Line 57 in bad4527

This seems to be working fine but I don't know the side effects of this approach. Anything else that I can do here?