Many web servers also support session tracking based on URL rewriting, as a fallback for browsers that don't accept cookies. For a servlet to support session tracking via URL rewriting, it has to rewrite every local URL before sending it to the client.
The level of support, however, depends on the server.
The minimal implementation provided by the servlet classes in JSDK 2.0 manages sessions through the use of persistent cookies.
A servlet uses its request object's This method returns an array that contains the names of all objects bound to this session or an empty (zero length) array if there are no bindings.
Finally, you can remove an object from a session with if the session being accessed is invalid (we'll discuss invalid sessions in an upcoming section).
* * Copyright (c) 2012 Yannick Albert ( * Licensed under the MIT license (
Fortunately for us servlet developers, it's not always necessary for a servlet to manage its own sessions using the techniques we have just discussed.Example 7-4 shows a simple servlet that uses session tracking to count the number of times a client has accessed it, as shown in Figure 7-2.The servlet also displays all the bindings for the current session, just because it can. Finally, the servlet displays the current count and all the current name/value pairs in the session. A session either expires automatically, after a set time of inactivity (for the Java Web Server the default is 30 minutes), or manually, when it is explicitly invalidated by a servlet.A servlet that manually invalidates sessions according to arbitrary rules is useful on servers with limited session expiration capabilities.Every server that supports servlets should implement at least cookie-based session tracking, where the session ID is saved on the client in a persistent cookie.(The items you place in the session need to implement the interface to take advantage of this option.) See your server's documentation for details pertaining to your server.