Here's a recent test I performed to demonstrate how state is maintained in a simple ColdFusion application that uses J2EE Sessions on a WebSphere 5.1 server.

The test application simply sets a client variable on the first page, then tests for the client variable on the second and third pages.

  1. Setup of Ethereal - Running Ethereal on server, Filter set to client IP
  2. Request/Response for Page1.cfm - Server sets the CFID, CFTOKEN, JSESSIONID cookies in the header
  3. Request/Response for Page2.cfm - Browser sends the 3 cookies back to server with same values
  4. Request/Response for Page3.cfm - Browser again sends the 3 cookies back to server with same values
  5. The full Ethereal trace from a test of all 3 page requests - can be opened by Ethereal
    Download Ethereal Trace

  6. Here's a zip of the simple CFML application: Example Application

This example shows that state is maintained because the Server set the 3 session tokens in the first HTTP Response, and the browser returned the tokens with each subsequent HTTP Request. The server never sent headers with Set-Cookie after the first HTTP Response.