It is not recommended to use this procedure to maintain the sessions.
A web server can send a hidden HTML form field along with a unique session ID as follows − This entry means that, when the form is submitted, the specified name and value are automatically included in the GET or the POST data.
Fortunately for us servlet developers, it's not always necessary for a servlet to manage its own sessions using the techniques we have just discussed.
Let us now discuss a few options to maintain the session between the Web Client and the Web Server − A webserver can assign a unique session ID as a cookie to each web client and for subsequent requests from the client they can be recognized using the received cookie.
This may not be an effective way as the browser at times does not support a cookie.
What can be an alternative solution to invalidate a user session on browser closure ?
Session (in)validation is usually a server concept: a session is "valid" as long as the server considers it to be valid, i.e.
Let us create a Servlet Listener that just counts the number of running http sessions and prints the details whenever a session gets created or destroy.