Posted to users@tomcat.apache.org by John MccLain <jm...@tcshealthcare.com> on 2004/02/24 18:37:21 UTC

cookies and sessions

Could someone give me a process flow description of how cookies work, i.e.,
1) user authenticates - what is actually sent in header???, Is it necessary
to authenticate???
2) cookie issued - Is it sent in the response?
3) user makes request with cookie
4) cookie is recognized - How does this happen???, how is session management
with cookies implemented??
.
.
.
I would greatly appreciate some 'tutelage' here..


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


RE: cookies and sessions

Posted by Mike Curwen <gb...@gb-im.com>.

> -----Original Message-----
> From: John MccLain [mailto:jmcclain@tcshealthcare.com] 
> Sent: Tuesday, February 24, 2004 11:37 AM
> To: Tomcat user list
> Subject: cookies and sessions
> 
> 
> could someone give me a process flow description of how 
> cookies work, i.e.,
> 1)user authenticates - what is actually sent in header???, Is 
> it necessary
> to authenticate???

Depending on how you set up authentication, there may be information sent
in the header (for BASIC AUTH I think it does this). That way, the
browser will know to pop up a dialog box.  Otherwise, for login-based
auth, it all happens server-side.
 
> 2) cookie issued - Is it sent in the response?

Generally, cookies are sent in the response header.

> 3) user makes request with cookie
> 4) cookie is recognized - How does this happen???, 

Because it's looking for a cookie with a certain name, from a certain
domain, and it finds it. It's named jsessionid.

> how is session management with cookies implemented??
 
The value of the jsessionid cookie is some very large number that is
stored in the container's memory.  That value is unique to a user, and
allows the container to appropriately populate the Request object with
that user's Session object, that it has been maintaining in memory,
keyed to that very large number it just retrieved from the cookie.

> .
> .
> .
> I would greatly appreciate some 'tutelage' here..
> 
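
The cookie and session flow discussed in this thread, as an added example that is not part of the original messages and is not Tomcat's code: a toy Python model of a container keeping sessions in memory, keyed by the cookie value. The `Container` class and `browser_cookie_header` helper are hypothetical; the cookie name `JSESSIONID` is the one Tomcat sends, and the 128-bit random hex id is an assumption of this sketch.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "JSESSIONID"  # name Tomcat uses for its session cookie


class Container:
    """Toy model (hypothetical) of a container's in-memory session store."""

    def __init__(self):
        self.sessions = {}  # session id -> that user's session attributes

    def handle(self, request_headers):
        """Process one request; return (response_headers, session)."""
        cookie = SimpleCookie(request_headers.get("Cookie", ""))
        morsel = cookie.get(COOKIE_NAME)
        session = self.sessions.get(morsel.value) if morsel else None
        response_headers = {}
        if session is None:
            # No cookie, or an id this store never issued: mint a fresh
            # random id instead of adopting the value the client sent.
            sid = secrets.token_hex(16)  # assumption: 128-bit random id
            session = self.sessions[sid] = {"hits": 0}
            response_headers["Set-Cookie"] = (
                f"{COOKIE_NAME}={sid}; Path=/; HttpOnly")
        session["hits"] += 1
        return response_headers, session


def browser_cookie_header(response_headers):
    """What a browser sends back: only name=value, never the attributes."""
    jar = SimpleCookie(response_headers["Set-Cookie"])
    return {"Cookie": f"{COOKIE_NAME}={jar[COOKIE_NAME].value}"}


if __name__ == "__main__":
    container = Container()
    resp1, _ = container.handle({})          # first request, no cookie yet
    print("response 1:", resp1)              # carries Set-Cookie
    req2 = browser_cookie_header(resp1)
    resp2, session = container.handle(req2)  # cookie presented again
    print("request 2:", req2)
    print("response 2:", resp2, "session:", session)  # same session, no new cookie
    forged = {"Cookie": f"{COOKIE_NAME}=0000"}        # constructed unknown id
    print("forged:", container.handle(forged)[0])     # gets a brand-new id
```

The session id is the only thing tying a request to its session, so anyone holding the cookie value is treated as that user; this is why the sketch marks the cookie `HttpOnly` and never accepts an id it did not issue.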
