Why does my Servlet create a JSESSIONID cookie?

java servlets jsessionid
user3092110 picture user3092110 · Feb 5, 2014 · Viewed 13.4k times · Source

I am developing something using Servlets. I am creating cookies in this program, and a cookie named as JSESSIONID is being created, but when I comment out all the code even then the cookie is created. Here is my code:

CookieDemoServlet.java:

public class CookieDemoServlet extends HttpServlet {

    public void service(HttpServletRequest req, HttpServletResponse res) throws
            ServletException, IOException {

        /*String em = req.getParameter("email");
        Cookie ck[] = req.getCookies();
        if (ck != null) {
            if (ck.length != 0) {
                for (Cookie c : ck) {
                    String cn = c.getName();

                    if (cn.equals("JSESSIONID")) {

                        System.out.println("You are the Old User");
                        String cv = c.getValue();
                        String d = c.getDomain();

                        System.out.println(cn + "\t:" + cv + "\t:" + d);
                    }

                } else {
                    System.out.println("Sorry,No Cookies Found");
                }
            }

            HttpSession session = req.getSession();
            boolean b = session.isNew();
            if (b) {
                System.out.println("You are the New user");
            } else {
                System.out.println("You are the Old User");
            }

            Cookie c1 = new Cookie("Email", em);
            res.addCookie(c1);
            Cookie c2 = new Cookie("Phone", "99999");
            res.addCookie(c2);*/

            RequestDispatcher rd = req.getRequestDispatcher("cookiedemo.jsp");
            rd.forward(req, res);

        }

    }
}

What could be the reason?

Answer

Koitoer picture Koitoer · Feb 5, 2014

JSESSIONID is managed by J2EE Application servers, it is created in each session that the application server has active, is one of the session tracking mechanism that is used by Servlet API

With this, we can know which sessions (objects) belong to a specific user.

Check this.

Related questions

Is it possible to disable jsessionid in tomcat servlet?

Is it possible to turnoff jsessionid in the url in tomcat? the jsessionid seems not too search engine friendly.

Read More
Setting httponly in JSESSIONID cookie (Java EE 5)

I'm trying to set the httponly flag on the JSESSIONID cookie. I'm working in Java EE 5, however, and can't use setHttpOnly(). First I tried to create my own JSESSIONID cookie from within the servlet's doPost() by using response.setHeader(). When …

Read More
How do I get a servlet container to read JSESSIONID from the query string rather than from the URL

I need to be able to maintain a session by having the JSESSIONID specified as a parameter of the query string of the url rather than part of the URL itself. I other words I need to maintain a session …

Read More