A session is a series of requests to a servlet, originating from the same user at the same browser. Sessions allow servlets running in a Web container to keep track of individual users, a concept known as personalization.
For example, a servlet might use sessions to provide "shopping carts" to on-line shoppers. Suppose the servlet is designed to record the items each shopper indicates he or she will purchase from the Web site. It is important that the servlet be able to associate incoming requests with particular shoppers. Otherwise, the servlet might mistakenly add Shopper_1's choices to the cart of Shopper_2.
A servlet distinguishes users by their unique session IDs. The session ID arrives with each request. If the user's browser is cookie-enabled, the session ID can be stored as a cookie. As an alternative, the session ID can be conveyed to the servlet by URL rewriting, in which the session ID is appended to the URL of the servlet or JavaServer Pages (JSP) file from which the user is making requests. One additional alternative is, for requests over HTTPS or SSL, to use SSL information to identify the session.
The product provides facilities, grouped under the heading Session Manager, that support the javax.servlet.http.HttpSession interface described in the Servlet API specification.
In accordance with the Servlet 2.2 API specification, Session Manager allows for session scoping only by Web application. Only servlets in the same Web application can access the data associated with a particular session. Multiple requests from the same browser, each specifying a unique Web application, result in multiple sessions with a shared session ID. Any of the sessions that share a session ID can be invalidated without affecting the other sessions.
A session time-out can be configured for each Web application. A Web application time-out value of 0 (the default value) means that the global time-out value from the Session Manager is used.
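The shopping-cart case described above can be sketched as a servlet that uses the HttpSession interface. This is an added example, not code from the product; the class name CartServlet, the "cart" attribute, the "item" and "action" parameters and the "cart" URL are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: names and parameters are assumptions for this example.
public class CartServlet extends HttpServlet {
    @Override
    @SuppressWarnings("unchecked")
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Looks up the session for the session ID that arrived with the
        // request, or creates a new session in this Web application.
        HttpSession session = req.getSession(true);

        if ("checkout".equals(req.getParameter("action"))) {
            // Invalidates this Web application's session only; sessions in
            // other Web applications that share the session ID are unaffected.
            session.invalidate();
            resp.setContentType("text/plain");
            resp.getWriter().println("Cart closed.");
            return;
        }

        int count;
        synchronized (this) { // serialize cart updates within this instance
            List<String> cart = (List<String>) session.getAttribute("cart");
            if (cart == null) {
                cart = new ArrayList<String>();
                session.setAttribute("cart", cart);
            }
            String item = req.getParameter("item");
            if (item != null && !item.isEmpty()) {
                cart.add(item); // stored per session, so per shopper
            }
            count = cart.size();
        }

        resp.setContentType("text/html");
        PrintWriter out = resp.getWriter();
        out.println("<p>Items in cart: " + count + "</p>");
        // URL rewriting: encodeURL appends the session ID when no cookie is used.
        out.println("<a href=\"" + resp.encodeURL("cart?action=checkout")
                + "\">Check out</a>");
    }
}
```

Every link the servlet writes must pass through encodeURL for URL rewriting to carry the session ID; a link written without it starts a new session for a browser that does not accept cookies.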