I'm learning Servlets and JSP with HFSJ. Somewhere in this book, I read this:
on the client’s first request, the Container generates a unique session ID and gives it back to the client with the response. The client sends back the session ID with each subsequent request.
I have the following question to ask on it:
Even if cookies are enabled on the client, what ensures that the client will effectively send back the session ID with each subsequent request? Can't it be possible that, even if cookies are enabled on the client, the client doesn't send back the session ID with subsequent requests?
If "cookies" is enabled in the browser, and yet it is NOT sending back a known cookie with the request, then you have a bug in the browser. The HTTP Cookie Wikipedia article speaks to how the browsers are supposed to implement cookies, with links to the actual specs that define the behavior.
If a browser doesn't implement this, it doesn't fully speak HTTP 1.1.
In preparing for battle I have always found that plans are useless, but planning is indispensable. -- Dwight D. Eisenhower
-> Working with cookies is one of the ways used for session tracking.
-> Cookies come to the client along with the response as "Set-Cookie" response header values.
-> Similarly, cookies go back to the web application along with the request as "Cookie" request header values.
The programmer creates cookies on the server side by using a Servlet/JSP kind of web resource program, but they come to the client side along with the response for allocating memory.
These cookies go back to their web application when a request is given to that web application from the browser window (client).
The main disadvantage with cookies is:
Cookies can be restricted from coming to the browser window from websites; this fails session tracking.
So it all depends upon the settings done in your (client-side) browser window.
Example in Internet Explorer: you can block cookies
Tools (menu) -> Internet Options -> Privacy (tab) -> select Block All Cookies
and so on, in any such browser.
To overcome this problem we work with HttpSession with cookies. This session tracking takes place using an HttpSession object (of a class implementing the HttpSession interface; to know that class we can use the ses.getClass() method, where "ses" is the object of the class which is implementing the HttpSession interface).
An HttpSession object allocates memory on the server on a per-browser-window basis and remembers client data across multiple requests during a session as session attribute values. But they must get the request from that browser window for which the HttpSession object is created.
Every HttpSession object contains a session ID, and this technique uses an "in-memory cookie" to send session from web application from browser window to web application.
There are two kinds of cookies, as follows:
In-memory cookies: An in-memory cookie goes away when the user shuts the browser down.
Persistent cookies: A persistent cookie resides on the hard drive of the user and is retrieved when the user comes back to the Web page.
While working with the HttpSession-based session tracking technique, the server sends the session ID to the browser window, and the browser window (client side) is identified across multiple requests during a session based on the session ID.
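
The header exchange discussed in this thread, as an added example that is not part of any post: a toy container and a toy browser show that the server can only offer the session ID in a `Set-Cookie` response header, and that a client which does not return it in a `Cookie` request header is treated as a new session on every request. `ToyContainer`, `ToyBrowser` and `run` are hypothetical stand-ins written for this illustration, not servlet API code; `JSESSIONID` is the default session cookie name used by servlet containers.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "JSESSIONID"  # default session cookie name in servlet containers

class ToyContainer:
    """Hypothetical stand-in for a container's session manager (assumption, not real container code)."""
    def __init__(self):
        self.sessions = {}  # session ID -> session attributes

    def handle(self, request_headers):
        """Process one request; return (response_headers, session_id, is_new)."""
        jar = SimpleCookie(request_headers.get("Cookie", ""))
        sid = jar[COOKIE_NAME].value if COOKIE_NAME in jar else None
        response_headers, is_new = {}, False
        if sid not in self.sessions:
            # No ID sent, or an ID this server never issued: create a fresh session.
            sid = secrets.token_hex(16)
            self.sessions[sid] = {"hits": 0}
            out = SimpleCookie()
            out[COOKIE_NAME] = sid
            out[COOKIE_NAME]["path"] = "/"
            response_headers["Set-Cookie"] = out[COOKIE_NAME].OutputString()
            is_new = True
        self.sessions[sid]["hits"] += 1
        return response_headers, sid, is_new

class ToyBrowser:
    """Hypothetical client that stores and replays cookies only when enabled."""
    def __init__(self, cookies_enabled=True):
        self.cookies_enabled = cookies_enabled
        self.jar = SimpleCookie()

    def request(self, container):
        headers = {}
        if self.cookies_enabled and self.jar:
            # Replay every stored cookie in a single Cookie request header.
            headers["Cookie"] = "; ".join(f"{k}={m.value}" for k, m in self.jar.items())
        resp, sid, is_new = container.handle(headers)
        if self.cookies_enabled and "Set-Cookie" in resp:
            self.jar.load(resp["Set-Cookie"])
        return sid, is_new

def run(cookies_enabled, n=3):
    """Send n requests from one browser; return ([(sid, is_new), ...], container)."""
    container = ToyContainer()
    browser = ToyBrowser(cookies_enabled)
    return [browser.request(container) for _ in range(n)], container
```

`run(True)` keeps one session across all three requests, while `run(False)` leaves three separate sessions on the server, each seen once.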