What is JSESSIONID in JSP-Servlet

JSESSIONID is a cookie generated by Servlet containers like Tomcat or Jetty and used for session management in J2EE web application for HTTP protocol. Since HTTP is a stateless protocol there is no way for Web Server to relate two separate requests coming from the same client and Session management is the process to track user session using different session management techniques like Cookies and URL Rewriting. If a Web server is using a cookie for session management it creates and sends JSESSIONID cookie to the client and then the client sends it back to the server in subsequent HTTP requests.

When JSESSIONID created in the Web application?

In Java J2EE application container is responsible for Session management and by default uses Cookie. When a user first time accesses your web application, session is created based on whether its accessing HTML, JSP or Servlet. if user request is served by Servlet than session is created by calling request.getSession(true) method. it accepts a boolean parameter which instructs to create a session if it’s not already existed.

If you call request.getSession(false) then it will either return null if no session is associated with this user or return the associated HttpSession object. If HttpRequest is for JSP page than Container automatically creates a new Session with JSESSIONID if this feature is not disabled explicitly by using page directive %@ page session=”false” %>.

Once Session is created Container sends JSESSIONID cookie into the response to the client. In case of HTML access, no user session is created. If a client has disabled cookie than Container uses URL rewriting for managing session on which jsessionid is appended into URL as shown below:

When HTTP session is invalidated(), mostly when the user logged off, old JSESSIONID destroyed and a new JSESSIONID is created when the user further login.

How to monitor HTTP request to check JSESSIONID
You can check the value of JSESSIONID coming in as a cookie by monitoring HTTP request. If you are running Tomcat Server in NetBeans IDE in your development environment then you can use HTTP Server Monitor to check HTTP requests. You just need to enable it while starting Tomcat Server form Netbeans. After that with each request you can see all details of request headers, session, cookies etc in HTTP Server monitor screen. If you look on JSESSIONID cookie it will look like:

You can also enable HTTP request and response in Client side by using tools like ethereal or Wireshark. This tool can monitor all HTTP traffic from and to your machine and by looking at request data you can see JSESSIONID cookie and its value.

That’s all on What is JSESSIONID and How JSESSIONID is created inside the J2EE application. We have seen that both Servlet and JSP can be responsible for Session creation but its done by Container. you can retrieve the value of SessionID which is represented by JSESSIONID cookie when you call request.getSession(). Session management in web applications is a complex topic especially when it comes to clustering and distributed session. On the other hand, JSESSIONID is one of those basics which as J2EE web application developer you should be aware of.

Source: https://javarevisited.blogspot.com/2012/08/what-is-jsessionid-in-j2ee-web.html


Please enter your comment!
Please enter your name here