I have a site that allows a user to select an items to buy. I store these selected items in their session. To actually buy the items they go to a third party site.
The third party site calls a url on my site so I know that the user has purchased and paid for the items. I need to associate the items that were purchased with the user that purchased them so I can update the database
If I append the JsessionId to the url that the thirdparty calls.
If this url is used and I call request.getSession() will this find the session for the correct user?