The abstract concept of a "session" or "conversation" is foreign to the HTTP protocol, which is designed for a one-shot request/response type of communication. Therefore a little help is needed.
In J2EE, an object called the HttpSession is constructed on the server. It contains the context for a user's conversation. For security and performance reasons, the HttpSession never leaves the server. However, since HTTP is one-shot, a hash key/magic-number/GUID-like string (the session ID) is passed back and forth between client and server on successive request/response requests so that continuity of communication can be maintained.
Under normal circumstances, this mechanism is completely automatic, and, in fact, it's perilous to attempt to wrest manual control over it. The server knows what it's doing and it may not always do what you think it's going to do, so leave that stuff alone and you'll have fewer support calls.
One thing that you do have to do manually, however, is ensure that any outgoing URLs that need to interact with the session are able to do so. As long as cookies are enabled, there's nothing you need to do. But if the app must be able to work for users who have cookies disabled, you need to use the URLEncode feature of J2EE to have the server rewrite your URL with a session id (jsessionid) attached.
An IDE is no substitute for an Intelligent Developer.
Session control talks about Security .
how to contorl in webapplication:
Default Sessiontimeout 30 min
There is a diffrence
web application level we can maintain in mintues level
servlets level we can maintain seconds level
basically i want to understand that,if a request come from client side(browser) on server side we create a session(HttpSession ses=request.getSession();) the automatically a session_id has sent to client by web container but what happens when the cookies are disable from the browser,is rewriting url automatically done by web container(like tomcat) when the cookies are disable?
please explain me.....
But suppose a user disable the cookies from the browser then how can he keep in touch with server , i know for this url rewriting taken place but i want to know url rewriting will be written by programer in servlet. please give me the example to clarify this.