问题
I'm using a load balancer with Tomcat7 and right now our HttpSession object always returns a new session. My guess is that the information that binds the browser to the server isn't being sent to the server.
Is the session mapped by a token set in a cookie client-side? If so, is this sent in the HTTP header with each request? And if so, what does it look like?
回答1:
Every time you connect to the server initially a jsessionid is generated and saved to a cookie on the client side. That jsessionid is what identifies your session on the server. So, HttpSession object is generated on the server side which contains all the details of your particular session until it expires. Yes the jsessionid is sent every time you send a request to the server. The only way this is thwarted is if the browser isn't allowing the saving of cookies. In which case, there are other mechanisms that can still ensure that the jsessionid is retained. That's my understanding of the process anyway. Hope this helps.
来源:https://stackoverflow.com/questions/22817012/how-does-the-httpsession-object-get-bound-to-the-browser