Server Session,tomcat has its own session maintenance mechanism, Apache has its own session maintenance mechanism

1.SESSION generally not what you say this way of working, you open a browser, then open a, request the same URL, then one of the landing, the other one will never also login. Session and browser itself this program is linked, generally not through the IP and port to bind (if it is port and IP, browser closed session is not necessarily invalid, there is obviously a security problem, this is because of some problems of TCP protocol, it is easy to be exploited).

When the browser and the server contact, the server will send a sessionid to the browser, and then the browser record this SessionID, each time the visit will be accompanied by the ID of the past. If you want the browser to be closed after the re-open can still get, there are two aspects of the problem need to be resolved, 1 browser How to find the previous SessionID, this requires a file to record, such as the cookie,2 server can not immediately destroy the session, which I remember in Apache can be set.

2.

Session that time very good setup, different application server (java,php) have a very convenient way to set up, Baidu a search on the out. I have never heard of who set the session ID, is generally the server itself management, the original for security allocation is randomly generated, or based on the connection of the other information generated, do you intend to do a session ID pool to save session ID?

Server Session,tomcat has its own session maintenance mechanism, Apache has its own session maintenance mechanism