A session is a series of requests to a servlet, originating from the same user at the same browser. Sessions allow servlets running on a servlet engine to keep track of individual users, a concept known as personalization.
For example, a servlet might use sessions to provide "shopping carts" to on-line shoppers. Suppose the servlet is designed to record the items each shopper indicates he or she will purchase from the Web site. It is important that the servlet be able to associate incoming requests with particular shoppers. Otherwise, the servlet might mistakenly add Shopper_1's choices to the cart of Shopper_2.
A servlet distinguishes users by their unique session IDs. The session ID arrives with each request. If the user's browser is cookie-enabled, the session ID can be stored as a cookie. As an alternative, the session ID can conveyed to the servlet by URL rewriting, in which the session ID is appended to the URL of the servlet or JavaServer Pages (JSP) file from which the user is making requests.
The product provides facilities, grouped under the heading Session Manager, that support the javax.servlet.http.HttpSession interface described in the Servlet API specification.
Session Manager allows for two types of session scoping: global and by Web application.
A session time-out can be configured for each Web application. A Web application time-out value of 0 (the default value) means that the global time-out value from the Session Manager is used.