I went through some resources about JSESSIONID. They say that HTTP and web-servers are stateless. Ok fine, I know this. But then they say- to add a state to these, sessions are used. And there is a session created JSESSIONID by web servers(in java applications). JSESSIONID helps web servers to recognize if the request is coming from the same previous user or a new user. But, this created a doubt in me:
For basic authentication(for example), we send username password with each request, along with JSESSIONID. So, what additional benefit does JSESSIONID adds to that request, if we still need to send credentials with each request. What is the benefit of remembering the client-requests(the idea of using session-cookies)?
Any real-world example, please.
Asked
Active
Viewed 1,757 times
4
The Coder
- 3,447
- 7
- 46
- 81
-
Because websites don't always require basic authentication, and basic authentication from HTTP authenticates a request, but does not always specify a single user, think for example a passworded internal webapp that also requires user sign on, there may only be one password for the webapp access to get past the basic auth constraint, but then every user is a different session.. – Zachary Craig Dec 24 '18 at 19:24