Which statement is true about web container session management？（）

• A、Access to session-scoped attributes is guaranteed to be thread-safe by the web container.
• B、To activate URL rewriting， the developer must use the HttpServletResponse.setURLRewriting method.
• C、If the web application uses HTTPS， then the web container may use the data on the HTTPS request stream to identify the client.
• D、The JSESSIONID cookie is stored permanently on the client so that a user may return to the web application and the web container will rejoin that session.