who(webserver or developer) takes care of maintaining one http session per browser?

Question

As we know that all there is one httpsession per web browser like IE i.e if we fire n number of request from same browser , web/app server will maintain one httpsession for all request. As per my understanding this is default functionality of all webserver/appservers. Though it depends on server how they implement it . they can do it by URL rewriting or through cookies. Right? Bet developer don't have to woory about it. I think generally server do it thru cookies but if cookies are disabled manually , probably server will be doing it by url rewriting. Is that correct?

Answer 1

It is the server which will maintain the sessions. And it is the server responsibilty to allow session tracking happen. Clients need not bother about sending any information explicitly. As Client can sends Cookies saved on the client along with every request, server might use Cookies for sesssion tracking.

Note: Cookies are just one of the way to implement Session Tracking. It is also the best way

So server uses Cookies as one of the ways to handle session tracking.

It can also be done in other ways:

URL rewriting - the application/server should append the session id in all URL's/Links. When those are invoked from the client the session comes to the server along with the URL.

Hidden Form Fields - The forms may contain hidden input type with session id as field value. When the form is posted, the session id comes along with the form data.