when the first request comes and say i call request.getSession() it attaches the session id in the response header even though session id is attached in the response we still call request.getSession() rather than response.getSession();
When you call the getSession() , server will create the session-id cookie and attaches that cookie to the response header.
After that , if the clent wants to continue the session , it should get the session-id cookie from the response header , it has to attach the same session-id to the Request Header.
So on the hole, Response header are being set
for the clients like browser.
Request Headers are from the client set by the client for Server to process the request.
[ UD: replaced CODE tags with QUOTE tags so that the layout isn't broken ]
[ August 22, 2008: Message edited by: Ulf Dittmer ]