when we say request.getSession() it will create the session add the session Id in to cookie and stuff it in the resonpse header and give it back to client on the other hand when client says request.getSession() it will give back the created session but. My question is when the server sent back the response the info is in the response not in the request so the client should say response.getSession() instead of request.getSession() is it not why they made it request.getSession()
and once again when the cokkies are created and response.addKookie() is called the server will add the cookie in to response header and send the response back to client. but when client wants to get the cookies it will say request.getKookies() why is it so before sending didnt the server add the cookie in to response header then once the Jsp code recieves it should say response.getKookies() instead of request.getKookies()
why they have made it request.getKookies()
As for sessions, those are too are associated with requests, because that's where the session cookie comes from.
Thanks for the reply
The cookies are sent by the browser/client to the server as part of the HTTP request.
But the cookies as well as the sessions are created by the server and not by the client in that case first server will be the one to insert the cookies in to response. is that correct.
Plus, the cookies of the next request do not necessarily have to be the same as the ones set in the previous response (although they usually are).
Originally posted by raja ram:
... so the client should say response.getSession() instead of request.getSession() is it not why they made it request.getSession()...
The client can't call getSession() on anything because it doesn't have access to the Java API classes. Java classes are always processed on the server, never on the client.
think from the developers(or servers) point of view. I mean the servlet response and request are quite logically modelled. you GET information from the request and PUT some information in the response. You GET cookies, parameters,headers from request.You PUT (or add)cookies, headers, content to the response.
The client is never given access to response and request object.all the client sees is HTML, pdf, xml, etc(that is the processed information). Imagine if the client is given access to request and response.all hell will break loose. A complete security disaster!!
Thanks for the replys,
The Java API and classes always exceute on the
servers and clinet never gets acccess it only gets HTML and so
That means say i have servlet do display few records in that case servlet is exceuted by the serverand will send only the HTML to the client/browser which will display it to the user.
CLIENT MEANS BROWSER FROM WHICH USER MADE REQUEST CLIENT=BROWSER is that correct.Please correct me if i am wrong