An extension to the above question, assuming that browser would attach the cookie and send the http request to server, how can browser determine the exact cookie as we may have many cookies stored in our client machine through out the day browsing different sites. Please clarify me on these.
I'll start with this first because it's the easiest. When a browser stores cookies, it also stores the domain. So you can have multiple cookies -even of the same name- stored on a single machine if they are from different domains.
I'm a beginner in Web component world and just started preparing for my exam. I have a small query here. Is that for "Convinience" or for routing back the sessionid to client via encoding URL, as the client may not be interested in accepting cookies.
Also, it is mentioned in Head First book that, Container woule embed a session object into a cookie and send it back to client through response. Good. But when there is a subsequent request from the client, Container verifies the cookie that came along with request. Now, my point is "Is the request coming from client application running from browser or the browser itself", because I haven't seen any code where any client application sending cookie along with its request.
The browser sends all the cookies with every request for the given domain. If the browser has cookies disabled, then we have to rely on URL rewriting. The API HttpServletResponse methods are actually
encodeURL and
encodeRedirectURL but the process is really rewriting, as encoding really means something else entirely. You could try to rewrite the URLs yourself but letting the container do it is a ton easier. The absolute easiest way is to use the c:url tag everywhere you don't want a user to get disconnected from a session.