How tomcat keep session

Question

Below is the two ways I know how tomcat keep session as so far.

1. In URL add parameter like "JSESSIONID=xxxxxxxxxxxxxxx", every time when a request send to server side, tomcat will query the session-map with "xxxxx"
2. Add a field in cookie like "JSESSIONID=xxxxxxxxxxxxxxx".

So, in my understanding, if we disable Cookie in browser, and visit our page with a URL without parameter like "JSESSIONID=xxxxxxxxxxxxxxx". The session id will be changed. Write a piece of code in jsp

<%  
    out.println(request.getSession().getId());  
%>

whenever we visit this jsp, session id will change. But the fact is that sessionId is never changed.

I observed the cookies in browser, I have indeed disabled cookie. When the first time I visit the page, the request and resonse like below:

    Request URL:http://localhost:8080/examples/testt.jsp
    Request Method:GET
    Status Code:200 OK
    ----------
    Request Headersview source
    Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Charset:GBK,utf-8;q=0.7,*;q=0.3
    Accept-Encoding:gzip,deflate,sdch
    Accept-Language:zh-CN,zh;q=0.8
    Cache-Control:max-age=0
    Connection:keep-alive
    Host:localhost:8080
    User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19

    -------
    Response Headersview source
    Content-Length:342
    Content-Type:text/html;charset=ISO-8859-1
    Date:Sat, 05 May 2012 03:01:32 GMT
    Server:Apache-Coyote/1.1
    Set-Cookie:JSESSIONID=6C71760FD3B85C4696CD8E6204574A06; Path=/examples

When the second time I visit the page, the request and resonse like below:

Request URL:http://localhost:8080/examples/testt.jsp
Request Method:GET
Status Code:200 OK
--------
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:GBK,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:zh-CN,zh;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:JSESSIONID=6C71760FD3B85C4696CD8E6204574A06
Host:localhost:8080
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19
--------
Response Headersview source
Content-Length:342
Content-Type:text/html;charset=ISO-8859-1
Date:Sat, 05 May 2012 03:03:19 GMT
Server:Apache-Coyote/1.1

---

Could someone tell me how tomcat keep a session when cookie is disable and URL doesn't contains "JSESSIONID=xxxxxxxxxxxxxxx".

Thanks very much.

---

I have made a mistake when I disable cookie in Chrome, I haven't really disable cookie in the above test.

Answer 1

You haven't disabled cookies. The browser is sending the cookie in the request headers.