Which statement is true about web container session management?
A.
Access to session-scoped attributes is guaranteed to be thread-safe by the web container.
B.
To activate URL rewriting, the developer must use the
HttpServletResponse.setURLRewriting method.
C.
If the web application uses HTTPS, then the web container may use the data on the
HTTPS request stream to identify the client.
D.
The JSESSIONID cookie is stored permanently on the client so that a user may return to the
web application and the web container will rejoin that session.
Explanation: