Sometimes it is required to maintain a number of request requested by the same client to associate them. Session in the sense that to maintain a client stability. In Java Servlet Technology there is an API which helps in to maintain/manage the session and the various mechanism to implement the sessions.
getSession() method of request object is used to find out the HttpSession object. This method gives a current session if there is a session associated with request object otherwise it creates one.
A session can be tying in with object-valued attributes by name. Whatever the web component that concerns to the same web context and the part of the same session that controls a request can access these object-valued attributes. To notifies the object of its association with session for their sure event such as to get the notification about the adding or removing of object from session must be implemented the HttpSessionBindingListener interface by your object, to get the notification about the session will be passivated or activated to which the object is attached HttpSessionActivationListener interface must be implemented by your object.
Each session is associates with timeout because HTTP session has no any mode to inform that a session is not need more, so for managing the session's timeout there are two methods :
1. getMaxInactiveInterval() : This method is used to find out the maximum time interval that the session will be accessed between the client.
2. setMaxInactiveInterval() : This method is used to specifies the maximum time interval that the request made between the client before invalidating this session by the servlet container.
If you do not want the further interaction after a particular client interaction is completed you can invalidate the session on the server side using invalidate() method and also can delete the any session data.
How it is to be identified by the web container that the client which was interact with the server is the same client (was idle for few moments) interacting now. For such problem i.e for associating a session with a user various of mechanism is used by the web container such as passed an identifier between the server and client. This identifier identifies the genuine client by matching the same identifier were given by the server to the client. An identifier information can be stored on the client side as a cookie or by the web component, identifiers can be included to every URL which is to be returned to the client.
Sometimes it may happens that the cookies is turned off on client side so, in the case if session objects are used in your application then the cookies will not saved the identifier information here you must have to enable the session tracking by the application rewrite URLs, encodeURL(URL) method of response can be used for such purpose on all URLs returned by a servlet, it encodes the url including session ID in it when the cookies are disabled or gives back the url unchanged.
Recommend the tutorial