You can get a session (using HttpServletRequest.getSession()) whether cookies are enabled or not. (But, if cookies are not enabled, you'll get a new session each time!) If you have cookies enabled, or are using SSL, then the container is able to recognise requests that belong to the same session. If not, then you need to help it along, by passing the session ID along in the URL. You can get the session ID (as a string) by calling getId() on the session. You then add a parameter "jsessionid" to the URL with the ID as its value, eg: http://localhost:8080/timd/servlet/SessionReader;jsessionid=1163B45839073195F84284 68C779C045 It's all in the Servlet spec.
[This message has been edited by Tim Duncan (edited November 27, 2001).]
Al the test for sessionid, if session cookies are enabled etc. can happen in the background. Everywhere in your servlet or on your jsp page that you need to put a url, call HttpServletResponse.encodeURL(String url) and it will return a properly encoded url if and only if it is necessary to use this for session tracking.