posted 21 years ago
A couple of points I'd like to clarify:
Firstly, cookies aren't files sent by the server, they are sent as text in the HTTP header and then saved as a file on the filesystem if required - they don't always get saved.
The cookies used for HttpSessions are usually session cookies, and for security reasons they don't usually get written to the file system (ie only memory-resident), but this is browser specific behaviour.
If the browser is closed, memory-resident session cookies are lost and you no longer know who the user is.
Unless you specifically write some user data to a persistent cookie, and then only if the client accepts it, there is no way to track users from one day to the next. For eample, javaranch writes the userId as a cookie which gets saved to the filesystem. This is why you don't have to login each day.
Dave