1. When ever client sends a first request to the server ,the server required to remember client information for the future purpose.Then server creates a session object and stores the required session information in the form of session attributes.
  2. Server sends the corresponding session id as part of first response,Browser saves that session id and sends back to the server for every consecutive request.
  3. By accessing the session id and the corresponding session object server can able to remember client information across multiple requests.This mechanism is nothing but “Session management”.

HttpServletRequest interface defines the following 2 methods for the creation of session Object.

  1. getSession()
  2. getSession(boolean b)

public HttpSession getSession();


HttpSession session=req.getSession();

  1. This method first checks is any session already associated with the request.if it is,then this method returns existing session object.
  2. If the request is not associated with any session then this method will create a new session object and returns it.
  3. There is a guarantee that this method will always returns a session object ,it may be already existing one or newly created one.
getSession(boolean b)
  1. If argument is true,then this method is exactly same as getSession().
  2. If the argument is false, then the method checks whether the request is associated with any session or not.If it is associated then this method returns exisiting session object
  3. If the request is not associated with any session this method returns simply null without creating any new session Object.i.e There is no guarantee that this method always returns a session Object