968970 wrote:A good question! To research yourself. But while I'm at it...
But my concern is how exactly server does that?
Where does server stores all these ids or state?The ID is stored in a cookie (JSessionID, something to google) so the client can store it and send it back to the server. Alternatively URL rewriting can be configured if cookies are somehow a problem. The session store itself is in memory on the server of course.
And who generates the session id server or client?The server of course. The client can't know what the server is going to expect.