Reputation: 7335
HTTP Cookie Request Header sequence of events
I am a little uncertain about the sequence of events when using cookies. Here's what I think happens if a client application repeatedly requests the same page from the server:
- client application makes a request
- server side returns with a Set-Cookie response header
- client makes another request, putting the cookie returned in step 2 in to the HTTP request "Cookie" header
- server side returns but with no Set-Cookie in the response header
Is that the correct sequence? ( I'm particularly interested in Step 4 - does the server return a Set-Cookie in response to a request that has supplied a cookie )
The cookie in question is actually a JSESSIONID cookie, if that makes any difference.
Thanks
Dave
Upvotes: 2
Views: 3001
Answers (1)
Reputation: 9139
Yes, that's the correct sequence. However, I've seen many applications sending back "Set-Cookie" header with the same value. It does not harm the flow, since values are the same and even if client updates the cookie it's still the same value (thus, the same session).
Upvotes: 1
Related Questions
- HTTP Only JSessionID not sent back in Chrome
- Apache Camel HTTP4 and (JSESSIONID) cookies
- How does Cookies session management using JSESSIONID happens in HTTPRequest Response in java?
- How is JSESSIONID passed? As a header parameter or as a cookie parameter?
- jsessionid passed in url if cookie and jsessionid stored by browser
- Only Cookie JSESSIONID set from first Login request is not sent in subsequent requests?
- Multiple JSESSIONID IN REQUEST HEADERS
- When is the JSESSIONID cookie added to the response
- setting Cookie: JSESSIONID on client request manually
- Cookie available in the same request/response