{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 趁早两清 的问题《How do application servers keep track of HttpSessi》','https://www.manongdao.com/q-936102.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
How do application servers keep track of which client is associated with which HttpSession object? Is it related to keeping track of the TCP/IP connection between the client? Or cookies perhaps? I doubt it's cookies since there is a separate method for extracting cookies.
Background
I understand that servlets and JSPs can call request.getSession() to obtain an HttpSession object associated with a client. I'm curious as to how the server knows to return that same object when the client requests new pages. I've searched around and all documentation I find is on how to extract session information. I'm interested in how the server isolated that session information from the sea of client data it has access to.
It is! There are essentially two ways of keeping track of user session in stateless HTTP protocol and servlets:
JSESSIONIDcookie or URL rewriting. The latter is used when cookies are not available.With first response servlet container sets the following cookie in the client:
Every subsequent request includes this cookie, and servlet container uses it to provide correct
HttpSession. You can access this cookie directly using servlet API, you can even build your own session mechanism on top ofJSESSIONIDor some other cookie. But the servlet container does that for you.See also