I have read about both session object and cookie.
Session objects are maintained on server side.
Cookies are stuff which are maintained clients side and sent to server per request by browser.
Some doubts I have that I am still not able to clarify are
1.)In ASP .NET sessions can be tracked through cookies. Using stuff like below in the configuration file
<configuration>
<sessionstate
mode="inproc"
cookieless="false"
timeout="20"
sqlconnectionstring="data source=127.0.0.1;user id=<user id>;password=<password>"
server="127.0.0.1"
port="42424"
/>
</configuration>
What is the equivalent Java servlet configuration for above and where is it configured?
2.)In Java in case cookiefull state tracking is enabled then do we still have to write
code to pull out the cookie from the request and using it get session object details,
or is this done internally by the J2EE framework, i.e. the J2EE framework sees the cookie and automatically assigns the respective session object to the page request?
Java EE Containers default session management is using cookies (although it supports other methods, like URL rewriting).
There’s no need -and you shouldn’t- manage session cookies on your own because the container does all this stuff for you. It exposes an instance of HttpSession that represents the session of the current user: if you want particular objects to persist between requests you can store here as attributes and recover later accessing that HttpSession object. There no need to write cookie-related code.