Mathews Every time a session is created there is a unique session id created by the container and sent to the browser that originated the request that created the session. So if you have two users they would each get their own session id and then every time they request a resource from that application the container gets the session id from the cookie that is stored on the users computer. URL rewriting is used for when cookies are disabled, it works by taking any URLs sent back to the client and appending the session id to it, that way the session id is part of any request sent by the browser to the container. Does that help, if you need a more detailed explaination let me know.
The more simple method I guess would be assign a unique ID for each user to the particular name and setting its session attribute like this.. session.setAttribute("userid",userid); and then getAttribute like.. String userid=(String)session.getAttribute("userid");