Very few web applications are confined to a single page, so having a mechanism for tracking users through a site can often simplify application development. The Web, however, is an inherently stateless environment. A client makes a request, the server fulfills it, and both promptly forget about each other. In the past, applications that needed to deal with a user through multiple pages (for instance, a shopping cart) had to resort to complicated dodges to hold onto state information, such as hidden fields in forms, setting and reading cookies, or rewriting URLs to contain state information.
The Servlet API provides classes and methods specifically
designed to handle session tracking . A servlet can use the session-tracking API to
delegate most of the user-tracking functions to the server. The first
time a user connects to a session-enabled servlet, the servlet simply
javax.servlet.http.HttpSession object. The
servlet can then bind data to this object, so subsequent requests can
read the data. After a certain amount of inactive time, the session
object is destroyed.
A servlet uses the
getSession() method of
HttpServletRequest to retrieve the current
session object. This method takes a single
boolean argument. If you pass
true and there is no current session object,
the method creates and returns a new
HttpSession object. If you pass
false, the method returns
null if there is no current session object.
HttpSession thisUser = req.getSession(true); ...