Hi,
To make things clear, imagine that a cookie is like a bean (with name and value attributes) that the server sends to the client through the HTTP Response. Consider the below simple scenario.
Browse to http://www.AnanyaKaur.com. Let's suppose that the web server sends a cookie with [Name="Exam", Value="SCWCD"].
Here is a series of steps explaining this scenario.
The web browser sends a GET HTTP Request to the server.
The web server receives the request. (In case of the Java programming language) the code that will be responsible for serving this request is a Servlet or a JSP.
A code snippet like this is used to send the cookie back to the client :
Cookie rv = new Cookie("Exam","SCWCD");
response.addCookie(rv);
The browser now receives the HTTP Response from the server. It sees that there are cookies in the response. The browser stores those cookies.
The browser now has the below entry :
www.AnanyaKaur.com --> (Has the following cookies) ["Exam","SCWCD"]
Later, with any request that is sent to the same website (www.AnanyaKaur.com), the browser sends the cookies with every request.
Cookies are exchanged between the client and server in HTTP Request/Response as HTTP Headers.
Now here comes the question: What does all this have to do with sessions?
When the web server creates a session object, it sends a cookie to the browser (for example, sessionID or ClientId, or call it whatever you want) that identifies the currently created session. The name of this cookie depends on the web container. You don't have to care about it.
When you send another request to the server, the sessionID (or cookie that is used to identify the session) is sent with every request to the server.
The Servlet container will automatically associate this sessionID with the Session object on the server, and you as a developer simply call request.getSession() to get a session object, while the container has done everything for you.
That's why when you clear the cookies in your browser, you have to log in again to whatever site you are logged in to, because you have deleted the cookie or set of cookies that store your session ID.
One more thing: when you call session.invalidate(), you delete the session object from the server, but the corresponding cookies still exist on the client.
But they will not be of any use, since they have no corresponding session on the server.
I strongly advise reading [HTTP The Definitive Guide], which explains HTTP in detail and in a very simple and easy way.
Also take a look at the following thread to see how you remove cookies:
http://forums.devshed.com/java-help-9/question-on-how-to-deleting-cookies-in-a-servlet-126544.html
Hope this helps ;)
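
Added example, not part of the original post: a plain-Java model of the session tracking described above, run through three requests (no cookie, cookie sent back, cookie sent after invalidate). ToyContainer, handle and readCookie are hypothetical names standing in for what a real servlet container does internally; JSESSIONID is the Servlet specification's default session cookie name.

```java
import java.security.SecureRandom;
import java.util.*;

public class SessionCookieDemo {
    static final String COOKIE_NAME = "JSESSIONID"; // Servlet spec default name

    // Hypothetical stand-in for the container's session table (not a real API).
    static class ToyContainer {
        private final Map<String, Map<String, Object>> sessions = new HashMap<>();
        private final SecureRandom rng = new SecureRandom();

        // Like request.getSession(): reuse a known ID; never adopt an unknown or stale one.
        String handle(String cookieHeader, Map<String, String> responseHeaders) {
            String id = readCookie(cookieHeader, COOKIE_NAME);
            if (id == null || !sessions.containsKey(id)) {
                byte[] raw = new byte[16];
                rng.nextBytes(raw); // unpredictable ID from a CSPRNG
                id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
                sessions.put(id, new HashMap<>());
                responseHeaders.put("Set-Cookie", COOKIE_NAME + "=" + id + "; Path=/; HttpOnly");
            }
            return id;
        }

        // Like session.invalidate(): removes the server-side object only.
        void invalidate(String id) { sessions.remove(id); }
    }

    // Extract one cookie value from a "name=value; name2=value2" Cookie header.
    static String readCookie(String header, String name) {
        if (header == null) return null;
        for (String pair : header.split(";\\s*")) {
            String[] kv = pair.split("=", 2);
            if (kv.length == 2 && kv[0].trim().equals(name)) return kv[1];
        }
        return null;
    }

    public static void main(String[] args) {
        ToyContainer server = new ToyContainer();
        Map<String, String> resp = new HashMap<>();
        String first = server.handle(null, resp);          // request 1: no Cookie header yet
        String jar = resp.get("Set-Cookie").split(";")[0]; // browser stores "JSESSIONID=<id>"
        resp.clear();
        String second = server.handle(jar, resp);          // request 2: browser sends it back
        System.out.println("session reused: " + first.equals(second));
        server.invalidate(second);                         // server-side logout
        String third = server.handle(jar, resp);           // browser still sends the old cookie
        System.out.println("stale id rejected: " + !third.equals(second));
    }
}
```

The third request shows why the leftover cookie is harmless only if the server treats an unknown ID as "no session" and issues a fresh one instead of recreating a session under the client-supplied value.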