Confusion between Cookie and JSession

I learning about sessions and cookies,
i create a cookie and set the cookie without creating any Session .
I checked the cookie in the browser and i see the following.

cookie : CooName="cookie value"; JSESSIONID=BD102D632EFF38F4B0BD08BAD3F0FF88

I was confused by this...
I created only a cookie and sent it to the client. But i did not create any session. Then from where did the JSession thing come in to picture...
What is that i am missing???

Cookie cookie = new Cookie("CooName",(String)req.getParameter("Name")); cookie.setMaxAge(30*60); res.addCookie(cookie);

I checked the cookie in the browser and i see the following.

Checked on the browser, mean are you printing out cookie on JSP page, if yes, then see if you had explicitly disable the session on JSP page or not.

If no Cookie contains a session ID, the Container generates a new one and put it into the Cookie for you.

Hmmm.. so you mean to say that if i create a cookie but without a session then the container will create a session and put that cookie in the session and send it to the client.

Sony Agrawal wrote:Hmmm.. so you mean to say that if i create a cookie but without a session then the container will create a session

Yes

Sony Agrawal wrote:and put that cookie in the session and send it to the client.

Little Correction: session into Cookie . in other word Cookie contains Session ID

Sony Agrawal wrote:put that cookie in the session and send it to the client.

Sorry for that

But what is the need for creating that session ??
Can you give an example regarding the use of such sessions??

Well, HTTP is a stateless protocal . For more details google for *Session Tracking* .

hmm, that's mean container attached the session-id to the any cookie generated from the web app, so that when browser send the cookie back with the next request, the container and eventually the web app has some mean to recognize whose cookie it is ? Am I right?

Hi, Sony.

Can you please post, how you are accessing parameter "Name" in servlet, through html form or jsp?

seetharaman venkatasamy wrote:Well, HTTP is a stateless protocal . For more details google for *Session Tracking* .

I understand that ..... but what if a apllication just want to know the name of the person who is browsing the site . In such a suitation the application would request for the name and set that as cookie and use the cookie to put that person's name in further pages(like in the right top corner)???
In such a suitation cookie are just enough ...right???

Sony Agrawal wrote:But what is the need for creating that session ??

I think, my previous reply answer this,

Sagar Rohankar wrote:the container and eventually the web app has some mean to recognize whose cookie it is.

But I'm not sure here

Chinmaya Chowdary wrote:Can you please post, how you are accessing parameter "Name" in servlet, through html form or jsp?

I am using JSP ... Why???

Sony Agrawal wrote:I understand that ..... but what if a apllication just want to know the name of the person who is browsing the site . In such a suitation the application would request for the name and set that as cookie and use the cookie to put that person's name in further pages(like in the right top corner)???
In such a suitation cookie are just enough ...right???

And what if two persons having the same name browsing from different geographical area ?
That's why Seetharaman pointed out "HTTP is stateless protocol", container need some mean to recognize the previous request/s.

And what if two persons having the same name browsing from different geographical area ?

How does it matter
I am picking the name of the person from the cookie that i got from the request???
By the way i am not even storing the name anyevery??

Suppose if we send request for jsp form, 'form.jsp', container/server implicitly creates session object and and gets the id from that object, encapsultates it into cookie object and sends it to the client. Now we have one JSESSIONID cookie

JSESSIONID=BD102D632EFF38F4B0BD08BAD3F0FF88

in the browser.

Now we fill the form and send the request to the container. This time servlet creates the cookie and sends it to the client. Now browser is having another cookie

CooName="cookie value"

. Finally browser is having two cookies.

Chinmaya Chowdary wrote:Suppose if we send request for jsp form, 'form.jsp', container/server implicitly creates session object and and gets the id from that object, encapsultates it into cookie object and sends it to the client. Now we have one JSESSIONID cookie in the browser.

Hmmm.. i just tried it.... And it creates session object for JSP and not for html... But still i am not clear why we need a session ... like in the suitation that i said before

Sony wrote: Hmmm.. i just tried it.... And it creates session object for JSP and not for html... But still i am not clear why we need a session ... like in the suitation that i said before

I think you are asking, why jsp creates implicit session object. If a client participates in a session, inorder to identify the client every time container has to check through the code HttpSession session=request.getSession(); . And most of the time client acesses jsp's. I think inorder to avoid this repeated code, container creates session implicit object.

Lets have an application which has ONLY two pages...
1. one.html
2. two.jsp

and a servlet which sets the cookie

In one.html, i request for the person's name. and use the servlet to set the cookie and somehow i sent the cookie to client. Now another request comes for the two.jsp page , which accepts the cookie and print the name in the JSP page.

Now whats the need for creating the session object in this applicaton?

Suppose we send a request to the 'One.html' form and the Container send's it to the client. We fill the form by providing entries 'Name' and 'Password' and sends it to the container. Now the servlet creates session object, gets the 'Name' from the form encapsulates it into the cookie and sends it to the client. Now the connection between container and client terminates, since HTTP is stateless protocol.

Now another request comes for the two.jsp page , which accepts the cookie and print the name in the JSP page.

Now how two.jsp page accepts the cookie, without creating session object at the two.jsp side? Inorder to identify it has to create session object. Which decides the particular client.

html

<html> <head><title>Cookie and Post</title></head> <body> <br> Enter text which will be save as cookie.<br> <form method ='POST' action='bookmark1'> <input type ='text' name ='bookmarkName'><br> <input type= 'submit' value='Iam a button'> </form> <br> </body> </html>


Servlet:

Cookie cookie = new Cookie("bookmarkName",(String)req.getParameter("bookmarkName")); cookie.setMaxAge(30*60); System.out.println("ABOUT TO ADD COOKIE"); res.addCookie(cookie); RequestDispatcher view=req.getRequestDispatcher("qwerty.html"); view.forward(req,res);

Intermediate html(qwerty.html)
<html> <head><title>Button</title></head> <body> <form method ='POST' action='bookmark2.jsp'> <input type= 'submit' value='Iabutton2'> </form> <br> </body> </html>


Final JSP

Cookie [] cookieArray= request.getCookies(); for(int i=0; i< cookieArray.length ;i++){ Cookie coo= cookieArray[i]; if (coo.getName().equals("bookmarkName")){ out.println("Your Text:"+ coo.getValue()); break; } }


This what i have done.... i would like to know why a session is need here?

Here final jsp don't require creating session object. While writing the program we know this logic. If we don't need session implicit object, declare in jsp as <%@ page session="false" %>

Sagar Rohankar wrote:the container and eventually the web app has some mean to recognize whose cookie it is
But I'm not sure here

it wont care Cookie . instead session id which is inside the Cookie . Through the session Id , it will regonize a client.

Sagar Rohankar wrote:
And what if two persons having the same name browsing from different geographical area ?

if two persons are accessing a web application with same userid/password , they are consider two different session.

To summarize:

In servlet, jsessionid would not be set in the cookie, unless you explicitly create an HttpSession
In JSP, jsessionid would always be set in the cookie, unless you explicitly prevent creation of an HttpSession