The page# 199 of HFSJ book says that "The client could open a new browser window! So the container can still use the same session for a client". But, in the earlier chapter it said that the browser is the client.
I am confused whether the computer or the browser the client?
Does the response from Sumeet seem correct. I understand it is at the cookie level that the sessions are being controlled. Basically when a page is requested from the server, the JSESSIONID is passed, and on the server side the JESSIONID is checked for being valid.
If not, that means the session no longer exists due to 2-3 reasons.