4.4.7.2.1 How the Web Container Manages Session State
Application servers typically track user sessions with some combination of cookies and/or URL rewriting to store a session ID on the client. The session ID identifies the session, and the server is responsible for associating each HttpServletRequest
with its corresponding HttpSession
object. The J2EE server handles the details of using cookies and URL rewriting. The section "Maintaining Client State" in The J2EE Tutorial explains in detail how to manage Web-tier session state.