session tracking

1.Traditional  Ways to perform session tracking: User Authentication(getRemoteUser() ); Hidden Form Fields(<input type=hidden name="..." value="...">); URL Rewriting( some use java.rmi.server.UID().toString() to dentify unique one); Persistent Cookie.

2. Sessions are scoped at the web Application level.

3. setting the session timeout:  in web.xml:<session-config> <session-timeout> value </session-timout> </session-config>.  HttpSession.setMaxInactiveInterval(int secs) secs<0means never time outm

4. URL rewriting session tracking: HttpServletResponse.encodeURL(String url);    HttpServletResponse.encodeRedirectURL(String url);  HttpServletResponse.isRequestedSesssionIdValid();

5.session binding: session.addAttribute(key, new HttpSessionBindingListener());

HttpSessionBindingListener.valueBound()&HttpSessionBindingListener.valueUnbound() involk when bind&unbind