If you look carefully at HttpServletResponse's API, you'll see that there is no getSession method there. You retrieve or make a session via the request. I don't have the book, so I can't clearly explain what they mean by "Sending a session cookie in the RESPONSE".
Christophe Verre, can you please help me out in this?
I don't think that the term "session" in "Sending a session cookie in the RESPONSE" is referring to the HttpSession object on the server side.
I don't have my HFSJ in front of me, but I suspect that "session cookie" means one of two things: 1) A cookie that holds the JSESSIONID, meaning a cookie to identify which session object the client belongs to. 2) If a Cookie does not have an expiration date, it will be deleted when the user closes her browser window. In a sense, these could be called session cookies -even though they could outlive an HttpSession- because they live only for the browsing session.
But with either of my assumptions I wouldn't expect that a coder would need to retrieve the HttpSession for either one. #1 is managed entirely by the container and #2 has nothing to do with HttpSession. So I'm confused. Mind explaining the context of your question a little more?