hey raja,
think from the developers(or servers) point of view. I mean the
servlet response and request are quite logically modelled. you GET information from the request and PUT some information in the response. You GET cookies, parameters,headers from request.You PUT (or add)cookies, headers, content to the response.
The client is never given access to response and request object.all the client sees is HTML, pdf, xml, etc(that is the processed information). Imagine if the client is given access to request and response.all hell will break loose. A complete security disaster!!