Is JSESSIONID a cookie ?? How does the container & application manage it ??
If the server is using cookies for session tracking, then the name of the cookie used will be JSESSIONID. So, for example, calling request.getSession will result in the server checking to see if there is already an incoming cookie called JSESSIONID and setting an outgoing cookie of that name if not. Normally, you never deal directly with the cookie; it is a behind-the-scenes tool used by server. However, that cookie has no max age, which means it will be stored in the browser's memory and lost when the user quits the browser. This is normally the behavior you want, but sometimes people want to use the session tracking API but have it based on persistent cookies. In such a situation, you can grab the incoming JSESSIONID cookie, set its max age with setMaxAge, and send it back out again with response.addCookie. Cheers- - Marty