Servlet API will use one of the underlying traditional mechanisms like cookies, URL rewriting, but that will happen behind the scenes and you need not worry about it!
Every request is associated with an Http Session object.
If we login to the application again request.getsession(true) will ...
I have read a lot of posts about this, but none of the solutions have worked for me.
When an object is bound to a session (using the Http Session method, set Attribute(String name, Object value)) or unbound from a session (using the Http Session method, remove Attribute(String name)), the session checks to see whether or not the object implements the Http Session Binding Listener interface.
Servlet specification ensures that, the minimum features provided make the session management job easier.
URL rewriting is a better way to maintain sessions and works for the browsers when they don't support cookies but here drawback is that you would have generate every URL dynamically to assign a session ID though page is simple static HTML page.
Apart from the above mentioned three ways, servlet provides Http Session Interface which provides a way to identify a user across more than one page request or visit to a Web site and to store information about that user.
In a previous article I discussed about methods used for session tracking.
It has fundamental information about what a session is and how to manage it. Just to recap, session is a conversion between a server and a client.