posted 16 years ago
I do not understand what you are asking or the point you are trying to make. IT seems to me that you think that the session ID is only obtained from the cookie and it is the first trip to the server that has no cookie with a session ID that is your concern. The container is doing a lot of things for you including checking to see if the request is associated with an existing session. On the first trip back to the client, since it cannot know at that point if the client accepts cookies or not, it will send both a cookie and the appended information in the URL if URL rewriting is turned on and encodeURL method is invoked.