HTTP is, by design, a stateless
protocol. Many web applications require that a series of requests
from a client be associated with one another. For example, an online
store will need to maintain the state of a user’s
shopping cart across HTTP requests. The
HttpSession object allows servlets and JSPs to
manage client-specific state on the server. You can associate
object-valued attributes to the
name. Any object bound to the session is available to any other
servlet within the same servlet context. You can even declare
JavaBean components within JSPs that have session-wide
In order to implement server-side HTTP sessions, WebLogic needs to associate session data across browser requests with the same client. This is done by associating a unique tag (called the session ID) with every client, and ensuring that this tag is transferred with every request. The mechanism by which WebLogic binds the client to its session data is called session tracking. WebLogic supports two mechanisms for tracking session-state information: cookies and URL rewriting.
Session Tracking with Cookies
Every J2EE-compliant servlet engine is
required to support session tracking using cookies. When an
HttpSession is created, a unique ID is associated with it. WebLogic then attempts to store the session ID by sending a cookie back to the client. Once a cookie is set, the browser will return the cookie on each subsequent request. The server then is able to parse the cookie ...