As described in Chapter 2, HTTP is a stateless, request-response protocol. This means that the browser sends a request for a web resource, and the web server processes the request and returns a response. The server then forgets this transaction ever happened. So when the same browser sends a new request, the web server has no idea that this request is related to the previous one. This is fine if you’re dealing with static files, but it’s a problem in an interactive web application. In a travel agency application, for instance, it’s important to remember the dates and destination entered to book the flight so the customer doesn’t have to enter the same information again when it’s time to make hotel and rental car reservations.

The way to solve this problem is to let the server send a piece of information to the browser that the browser then includes in all subsequent requests. This piece of information, called a session ID, is used by the server to recognize a set of requests from the same browser as related: in other words, as part of the same session. A session starts when the browser makes the first request for a JSP page in a particular application. The session can be ended explicitly by the application, or the JSP container can end it after a period of user inactivity (the default value is typically 30 minutes after the last request).

Thanks to the session ID, the server knows that all requests from the same browser are related. Information ...