1. The cookie is stored on the client side, and the session is stored on the server side. Through the two provided information, the server side performs related operations to determine whether the login will time out;
2. The cookie (the purpose is to track the session), also saves some things that the user wants to save (for example, when logging in, whether to check to save the account password). session is used to keep track of sessions;
When the browser is opened for the first time, the server will automatically create a session for it, and assign a sessionID to the client's browser. When the client then requests other resources in the application, it will automatically add: Cookie: JSESSIONID to the request header
Session timeout: The timeout means that the server does not receive the request from the client corresponding to the session for a certain period of time , and when this time exceeds the maximum time of the session timeout set by the server, logging in again will add a JSESSIONID to the cookies again.