
Problem about understanding cookies mechanism

John-Philippe Verger
Posts: 28

I hope I'm posting in the right forum.

I'm learning Servlets and JSP with HFSJ. Somewhere in this book, I read this:

on the client’s first request, the Container generates a unique session ID and gives it back to the client with the response. The client sends back the session ID with each subsequent request.

I have the following question to ask on it:

Even if cookies are enabled on the client, what ensures that the client will effectively send back the session ID with each subsequent request? Can't it be possible that, even if cookies are enabled on the client, the client doesn't send back the session ID with subsequent requests?
Pete Nelson
Ranch Hand
Posts: 147
If "cookies" is enabled in the browser, and yet it is NOT sending back a known cookie with the request, then you have a bug in the browser. The HTTP Cookie Wikipedia article speaks to how the browsers are supposed to implement cookies, with links to the actual specs that define the behavior.

If a browser doesn't implement this, it doesn't fully speak HTTP 1.1.
Swetha Bhagavathula
Ranch Hand
Posts: 112

The things we need to understand are:

-> Working with cookies is one of the ways used for session tracking.
-> Cookies come to the client along with the response as "set-cookie" response header values.
-> Similarly, cookies go back to the web application along with the request as "cookie" request header values.
The programmer creates cookies on the server side by using a servlet/JSP kind of web resource program, but they come to the client side along with the response for allocating memory.
These cookies go back to their web application when a request is given to that web application from the browser window (client).

The main disadvantage with cookies is:

Cookies can be restricted from coming to the browser window from websites; this fails session tracking.

So it all depends upon the settings done in your (client-side) browser window.

Example in Internet Explorer: you can block cookies
Tools (menu) -> Internet Options -> Privacy (tab) -> select "Block All Cookies"

And so on in any such browsers.

So we can't assure that cookies are sent to the respective web application if you block them in the client-side browser; it totally depends on the settings done in the browser, just like other settings such as enabling or disabling JavaScript in the client-side browser, etc.

To overcome this problem we work with HttpSession with cookies. This session tracking takes place using an HttpSession object (an object of a class implementing the HttpSession interface; to know that class we can use the ses.getClass() method, where "ses" is the object of the class which implements the HttpSession interface).

An HttpSession object allocates memory on the server on a per-browser-window basis and remembers client data across multiple requests during a session as session attribute values. But they must get the request from the browser window for which the HttpSession object is created.
Every HttpSession object contains a session ID, and this technique uses an "in-memory cookie" to send the session from the web application to the browser window and from the browser window to the web application.

There are two kinds of cookies, as follows:

In-memory cookies: An in-memory cookie goes away when the user shuts the browser down.

Persistent cookies: A persistent cookie resides on the hard drive of the user and is retrieved when the user comes back to the Web page.

While working with the HttpSession-based session tracking technique, the server sends the session ID to the browser window, and the browser window (client side) is identified across multiple requests during a session based on the session ID.

Hope this is useful.
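
The exchange discussed in this thread, as an added example that is not code from any poster or from HFSJ: a small stand-in for the container issues a session ID in a Set-Cookie header, then one client that stores cookies and one that does not each make three requests. It is written in Python so it runs without a servlet container; the cookie name JSESSIONID is the default used by servlet containers, and `Handler`, `SESSIONS` and `run_demo` are names made up for this sketch.

```python
import http.cookiejar
import secrets
import threading
import urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = {}  # session id -> request count (server-side state, like session attributes)

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Read the "Cookie" request header, if the client sent one.
        jar = SimpleCookie(self.headers.get("Cookie", ""))
        sid = jar["JSESSIONID"].value if "JSESSIONID" in jar else None
        self.send_response(200)
        if sid not in SESSIONS:
            # Missing or unknown id: start a new session and hand the id back.
            sid = secrets.token_hex(16)
            SESSIONS[sid] = 0
            self.send_header("Set-Cookie", f"JSESSIONID={sid}; Path=/; HttpOnly")
        SESSIONS[sid] += 1
        body = f"{sid}:{SESSIONS[sid]}".encode()
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def run_demo(n=3):
    """Return (ids seen by the cookie-storing client, ids seen by the cookie-less client)."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/"
    direct = urllib.request.ProxyHandler({})  # ignore any system proxy for loopback
    with_cookies = urllib.request.build_opener(
        direct, urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))
    no_cookies = urllib.request.build_opener(direct)  # never stores or returns cookies
    seen = []
    for opener in (with_cookies, no_cookies):
        seen.append([opener.open(url).read().decode().split(":")[0]
                     for _ in range(n)])
    server.shutdown()
    server.server_close()
    return seen[0], seen[1]

if __name__ == "__main__":
    kept, lost = run_demo()
    print("with cookies:", len(set(kept)), "session(s); without:", len(set(lost)))
```

The client that returns the cookie stays in one session across all three requests, while the client that never sends it back is given a fresh session ID every time.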
