> -----Original Message----- > From: John MccLain [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 24, 2004 11:37 AM > To: Tomcat user list > Subject: cookies and sessions > > > could someone give me a process flow description of how > cookies work, i.e., > 1)user authenticates - what is actually sent in header???, Is > it necessary > to authenticate???
Depending on how you setup authentication, there may be information sent in the header (for BASIC AUTH I think it does this). That way, the browser will know to popup a dialog box. Otherwise, for login-based auth, it all happens server-side. > 2) cookie issued - Is it sent in the response? Generally, cookies are sent in the response header > 3) user makes request with cookie > 4) cookie is recognized - How does this happen???, Because it's looking for a cookie with a certain name, from a certain domain, and it finds it. It's named jsessionid. > how is session management with cookies implemented?? the value of the jsessionid cookie is some very large number that is stored in the container's memory. That value is unique to a user, and allows the container to appropriately populate the Request object with that user's Session object, that it has been maintaining in memory, keyed to that very large number it just retrieved from the cookie. > . > . > . > I would greatly appreciate some 'tutelage' here.. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
