1.session is used to represent the user session, the session object is maintained on the service side, the general Tomcat set session life cycle is 30 minutes, the timeout will be invalid, but also can be actively set not valid;
The 2.cookie is stored on the client side and can be divided into memory cookies and disk cookies. The memory cookie disappears after the browser shuts down and the disk cookie expires. When the browser sends the request, it will automatically send the corresponding cookie information, if the request URL satisfies the cookie path;
3. SessionID can be stored in a cookie, or sessionid can be stitched to the URL by rewriting the URL. So you can view the browser cookie or address bar URL to see SessionID;
4. When requesting to the server, the session will be found according to the SessionID in the request, if it can be obtained then returned, otherwise null or return to the newly built session, the old session still exists, please refer to the API.
Java Session Tracking Technology