There are multiple ways to handle session by a servlet framework. For example following methods can be used,
- Storing Cookies on the client side
- URL Rewriting
- Hidden form fields
When server calls request.getSession(true), then server generates and sends JSESSIONID back to the client for all future session references. JSESSIONID will then be stored by the client and sent back to the server using any of the above mentioned mechanisms.
To ensure that your Servlets support servers that use URL rewriting to track sessions, you must pass all the URL's used in your servlet through the
HttpServletResponse.encodeURL() method like :
out.println("<form actionb ='"+res.encodeURL("/example/htmlpage")+"'>");
This will append the sessionID to the form's action.