I have read that in case of stateful session bean - every invocation which is performed on the same proxy reference will be handled by the same bean instance. I wonder how it is possible.
In servlets cookies have to be enabled (or URL rewritting, or hidden fields) in order to maintain conversational state. But I have not encountered on such requirement in case of stateful session beans. It seems that is is held automagically . Can someone reveal this secret?
I am not sure about low level mechanism, but note: HTTPS does not need cookies to track the client (from servlet specifications), so I assume that some secured protocol used to invoke session bean and for sure if it's secured then the client must be known.
Java Platform, Enterprise Edition 6 Web Services Developer Certified Expert Exam Study Guide and Quiz Exam 1Z0-810: Upgrade to Java SE 8 Programmer Study Guide and Quiz
One other possibility to associate a certain proxy instance with a specific stateful EJB instance is that the proxy attaches some kind of identification token to the call that is made to the EJB. The EJB does not receive the call directly, but instead it goes to some kind of facade which, based on the identification token in the call selects the appropriate bean instance to serve the call.