I don't think that the term "session" in "Sending a session cookie in the RESPONSE" is referring to the HttpSession object on the server side.
Your server session doesn't keep track of cookies. That's really the whole point of cookies - that they store information on the client so the server doesn't have to store it. [Note: This concept gets muddied a little because the container
can use cookies to track the JSESSIONID, so for this one case the container will keep the JSESSIONID stored both on the server side
and on the client side as a cookie. But other than that...
]
I don't have my HFSJ in front of me, but I suspect that "session cookie" means one of two things:
1) A cookie that holds the JSESSIONID, meaning a cookie to identify which session object the client belongs to.
2) If a Cookie does not have an expiration date, it will be deleted when the user closes her browser window. In a sense, these could be called session cookies -even though they could outlive an HttpSession- because they live only for the browsing session.
But with either of my assumptions I wouldn't expect that a coder would need to retrieve the HttpSession for either one. #1 is managed entirely by the container and #2 has nothing to do with HttpSession. So I'm confused. Mind explaining the context of your question a little more?