I think you are mixing concepts together. The session cookie simply
provides an id that uniquely points to a session. This can also be
replaced using URL rewriting of the session id. You don't directly
manipulate the session id. This is handled by the container. You just
grab a session and start adding stuff to it and reading stuff from it.

If you are talking about a "remember me" feature, you could place a cookie
on the client which is completely and utterly separate from the session
cookie which stores some information about how to automatically re-log in
without user intervention.

I think the latter is what you are looking for.

Jake

At 11:48 AM 6/3/2003 -0300, you wrote:
>Hi , friends. This is a important best practice question for me. My project
>has a web form which is showed and filled ( by the user) after an external
>authentication process. The question is: should i generate a session Cookie
>that will be recovered by my following servlet or just generate any session
>parameter ( which will be recovered later too ), since i guess i only need
>to control the whole internal process.
>Thanks in advance,
>Euclides.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
>For additional commands, e-mail: tomcat-user-help@(protected)