A session is a series of requests to a servlet, originating from the same user at the same browser. Sessions allow servlets running on a Web container to keep track of individual users, a concept known as personalization.
For example, a servlet might use sessions to provide "shopping carts" to on-line shoppers. Suppose the servlet is designed to record the items each shopper indicates he or she will purchase from the Web site. It is important that the servlet be able to associate incoming requests with particular shoppers. Otherwise, the servlet might mistakenly add Shopper_1's choices to the cart of Shopper_2.
A servlet distinguishes users by their unique session IDs. The session ID arrives with each request. If the user's browser is cookie-enabled, the session ID can be stored as a cookie. As an alternative, the session ID can conveyed to the servlet by URL rewriting, in which the session ID is appended to the URL of the servlet or JavaServer Pages (JSP) file from which the user is making requests.
One additional alternative for secure sessions is the usage of SSL information to pass a session ID between server and browser.
The product provides facilities, grouped under the heading Session Manager, that support the javax.servlet.http.HttpSession interface described in the Servlet API specification.