Hi Makaira, I also found hard to understand the concept of sessions and its relation to cookies. After all, HTTP is a stateless protocol, right?
Well, a servlet engine (as stated in the Servlet Engine specification pointed by Charles) must provide a way to provide some "state". This is done by a special cookie with the name JSESSIONID. This value is passed back and forth between the client (a browser) and the server. If the request has the cookie JSESSIONID, then the server looks for the active sessions and "joins" the request to that session. My confusion came from the fact that through the HttpSession object, you can access the cookies with methods that names then Attributes (getAttribute/setAttribute). It was unclear -to me- that it is the same stuff as a "cookie". The JSESSION attribute is handled by Tomcat, you don't have to set it. It is enough to add the attribute(s) you will later use. By the way, cookies are stored -as files- by the browser just to persist them and made them available later on; but a cookie is not neccesarily a file; certainly, you won't find them in the server filesystem, they live only in the Tomcat memory. -Jorge -----Original Message----- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, February 17, 2009 11:59 AM To: Tomcat Users List Subject: RE: Tomcat in-memory (session) cookie > From: makaira nigricans [mailto:liame.e...@yahoo.com] > Subject: Tomcat in-memory (session) cookie > > As I understood (maybe I understood wrongly) You did. > with every GET and POST request Tomcat "generates" cookie which it do > not write on hard drive (so it cannot be seen in browser cookie > manager). You seem to be referring to HttpSession objects, which are not cookies. Session objects are created when a user is authenticated or when a webapp chooses to create a session. An identifier (JSESSIONID) for the Session is passed back to the client (browser) either via a cookie or as part of the URLs embedded in the response. Whether or not the browser chooses to accept or persist the cookie is up to the browser, not Tomcat. > What are JSESSIONID, session, are those cookies? Sounds like you need some basic education; try the servlet spec first: http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html Wikipedia has definitions and examples of standard computing terms such as cookie. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org