Session Cookies

A session cookie lasts only for as long as the user is using the website. A web browser normally deletes session cookies when it quits.

A cookie becomes a session cookie when it is created without an Expires directive.

Session Based Cookie Tracking
A number of problems arise from the fact that HTTP is a ‘stateless’ protocol. In particular, when you are shopping online, the web server can’t remember previous transactions. This makes applications like shopping carts problematic: when you add an entry to your cart, how does the server know what’s already in your cart?

Even if servers did retain contextual information, you’d still have problems with e-commerce. When you move from the page where you specify what you want to buy (hosted on the regular web server) to the page that takes your credit card number and shipping address (hosted on the secure server that uses SSL), how does the server remember what you were buying?

There are three typical solutions to this problem:

  1. Cookies
  2. URL Rewriting
  3. Hidden form fields

Servlets provide an outstanding technical solution: the HttpSession API. This is a high-level interface built on top of cookies or URL rewriting.
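
The cookie-based approach described above, as an added Python sketch that is not from the original page and is not the servlet container's own HttpSession implementation: the server keeps the cart in memory under a random ID and gives the browser only that ID, in a cookie with no Expires or Max-Age so that it is a session cookie. The cookie name SESSIONID, the in-memory store, the function names and the all-HTTPS site implied by the Secure flag are assumptions of the example.

```python
import secrets
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "SESSIONID"  # assumed name; real containers choose their own
_sessions = {}             # session id -> server-side state (here, a cart)

def read_session_id(cookie_header):
    """Extract the session id from a request's Cookie header, if any."""
    if not cookie_header:
        return None
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return None
    return jar[COOKIE_NAME].value if COOKIE_NAME in jar else None

def handle_request(cookie_header, add_item=None):
    """Serve one stateless request; return (cart, Set-Cookie value or None)."""
    sid = read_session_id(cookie_header)
    set_cookie = None
    if sid not in _sessions:
        # Missing or unknown id: mint a fresh unguessable one instead of
        # adopting whatever value the client supplied.
        sid = secrets.token_urlsafe(32)
        _sessions[sid] = []
        out = SimpleCookie()
        out[COOKIE_NAME] = sid
        out[COOKIE_NAME]["path"] = "/"
        out[COOKIE_NAME]["httponly"] = True  # not readable from page scripts
        out[COOKIE_NAME]["secure"] = True    # assumes the whole site is HTTPS
        # No Expires or Max-Age is set, so the browser drops it on quit.
        set_cookie = out[COOKIE_NAME].OutputString()
    cart = _sessions[sid]
    if add_item is not None:
        cart.append(add_item)
    return list(cart), set_cookie

def is_session_cookie(set_cookie):
    """True when a Set-Cookie value carries neither Expires nor Max-Age."""
    attrs = [p.split("=", 1)[0].strip().lower()
             for p in set_cookie.split(";")[1:]]
    return "expires" not in attrs and "max-age" not in attrs
```

Only the identifier travels with each request; the cart contents never leave the server, so the client cannot edit them by changing the cookie.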