How sessions are identified for user on server

[vdsindr]

I am a java progrmaeer ,i m asked a question in interview that sessions are stored on client side in browsers / cookie files on cleint's computer then how server idetifies that i m the same user who is logged in from my own PC and I must be shown only that information that belongs to me?
Please help.

 

[Rusting In Peace]

Generally when you are connecting to a server you will be issued with a jsessionid. On future requests you include this value and the server knows what session to use etc.

 

[Zenthar]

On a side-note, is there any mechanism to prevent someone to just hijack someone's session if he gets hold of the JSessionID (which could be easy using http sniffing)?

 

[Rusting In Peace]

This is a pretty good wiki article discussing session id attacks and security measures. In essence you can prevent session hijacking by using HTTPS and/or by having stricter session id management.