Confusion about how java web session handeling works. Demystifying Cookies and Header differences using servlet api and HttpSession object

Question

I am learning Spring security and Spring MVC, but I realized I needed to learn jsp Servlets first and general web programming in a java environment.

I have confusio

Answer 1

You are correct that cookies are managed using headers. There are TWO cookie management related headers: Cookie and Set-Cookie.

Cookie header is sent by the user agent (browser) and will be available in your HttpServletRequest object and the Set-Cookie header is appended to your HttpServletResponse object when you use methods such as addCookie(Cookie).

In Java an HttpSession is established when the first request reaches your application. The Servlet Spec implementation in your container (Jetty, Tomcat, WebSphere, etc) will create and manage the HttpSession. The browser will receive a JSESSIONID cookie which will identify this particular session in the future.