javahttpcookieshttprequestjsessionid

How does Cookies session management using JSESSIONID happens in HTTPRequest Response in java?


How does cookie based authentication happens once the cookie with JSESSION ID is generated?

  1. Does the server maintains the session ID in some Data base and then for future requests it checks there?

  2. Is there any mapping of user to session id maintained so that the user+jsessionID identifies the user ?Or is it only Jsession ID maintained?

  3. In my code, JSessionID is set up to be same as httprequestServlet sesion ID. How does this session ID generated?


Solution

  • You may want to check out the fine Servlet Specification. Version 3 is not the latest, however the principles never changed. Check out chapter 7 of https://download.oracle.com/otn-pub/jcp/servlet-3.0-fr-eval-oth-JSpec/servlet-3_0-final-spec.pdf?AuthParam=1637010431_ae15081d6634353e73671a4b2e5ad227