I don't understand what the problem is. If all this action is taking place as part of a
JSP request-response cycle, or series of cycles, then
you should have the user's session available at all times. It should be there automatically due to the user's request having the session ID.
What exactly have you tried?
Incidently, you should not try to keep a session reference around between request-response cycles, sessions are managed by the
servlet container.
Bill