A. Access to session-scoped attributes is guaranteed to be thread-safe by the web container. - wrong answer because session attributes also needs to be synchronized if they are to be used by the same user trying to login from the two browser screens.
B. To activate URL rewriting, the developer must use the HttpServlet Response.setURLRewriting method. - wrong answer - no such method exists
C. If the web application uses HTTPS, then the web container may use the data on the HTTPS request stream to identify the client. - Correct answer- This means that when the client sends the request via a secured protcol 301 , ie., http over secured SSL layer, the container may use the username,password in this request header ,because HTTPS guarantees integrity(data is not changed when transmitted) and here
you should see the
word " MAY" which they are using that means if there is any secured data ,then we can use it..else nothing wrong in it.
D. The JSESSIONID cookie is stored permanently on the client so that a user may return to the web application and the web container will rejoin that session. - wrong answer ,cokkies are not permanent in the client side. client can disable cookies and delete cookies even if the container stores them.
1
