I have developed a very simple example to illustrate session management:
First I am clarifying that, I haven't written any special code for URL rewritting, so there is only one way to maintain session and that is cookies.
Now, when user will open login.jsp and enter username and password, the request will go to servlet. Servlet will create session, add id of this session into cookies and add this cookies into response, forward request to welcome.jsp. After completing welcome.jsp, the servlet will respond to the client...
Now, if we click on 'next' link, the same cookies will come with this new request, container will find session as per the session id found in cookies, and go further...
But before clicking on 'next' button, I am deleting all the cookies through browser (means, no cookies will come with this request), but still container is able to manage session. How???
[ July 15, 2006: Message edited by: rathi ji ] [ July 15, 2006: Message edited by: Bear Bibeault ]
Hello, everyone! I have tried to find out how does the container manage sesssion. I have deleted all the cookies, the container still able to find the session. I guess that the cookie has been loaded in memory, although you have delete all cookies, you cannot delete the cookie in the memory. If you delete all the cookies, close current browser , and open your page in another browser you will never find the session any longer.
Yes, session cookies are stored in memory. MSIE has a section for allowing/disallowing them (under the privacy -> advanced) tab.
If you have the LiveHTTPHeaders plugin for FireFox installed, you can see the name and value of the session cookie being passed back and forth from the server to the client while you're hitting your site.