Reputation: 4609
Understanding the relationship between HTTP Sessions and session cookies
I am just learning about how sessions work in a J2EE environment. Let's say that someone makes a GET request on MusicServlet, and I need to pull some data from their session, so I call:
request.getSession(false); //if they don't have one, I don't want to create one
I am trying to figure out how the server knows which session belongs to me, since the request is essentially stateless, and there is only 1 instance of the MusicServlet that exists. Maybe I am mixing concepts. Is it the JSessionID cookie that is used to 'match' the user to their particular session on the server? Does that mean that if I clear my cookies, the session that belongs to me can't be retrieved?
Upvotes: 0
Views: 156
Answers (1)
Reputation: 11275
Yes, you got it right - the random identifier in session cookie ties specific cookie in client browser to the session storage on the server side.
Whatever you set using setAttribute() will be stored on server side and attached to the JSESSIONID. If the generally stateless client comes back with the same JSESSIONID, the server can retrieve its session from its storage and getAttribute() will return previously stored values. If the cookie is lost, the session on the server becomes orphaned and will expire after some time.
P.S. it's not always the case that sessions are stored on server side - for example Play framework stores them on client side.
Upvotes: 1
Related Questions
- How are cookies passed in the HTTP protocol?
- What are cookies and sessions, and how do they relate to each other?
- Session or cookie confusion
- Is the "browser cookies" the same as HTTP cookies
- How does cookie work with HTTP?
- How are HTTP session IDs tracked by the server?
- Storing sessions in encrypted cookies
- How are session variables effected by cookies?
- Purpose Of PHP Sessions and Cookies and Their Differences
- Simple question about session