This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Sorry that I'm not getting what is your doubt in the session tracking. Nevertheless I try what I can answer.
First of all, you seem very new to the Web application development. Eventhough friends here at javaranch are friendly enough to answer your questions, I would strongly suggest you to read a generic book on web application development which would explain very clearly.
To implement session for sets of pages:
1. Before accessing every page, check if there is a active session 2. If session is not there, redirect to login page 3. After user submits the login name/password, validate and create a session 4. Show the page.
In jsp you can just use the session variable to access the current session. Note that if there was no session for a user, system would automatically creates one. So to check if user logged in or not, you should check for some predefined value is stored in the session or not.
(If you session session="false" in the page directive, then jsp engine would not create a session varialbe. Then you can use the request.getSession(false) or request.getSession(true)) methods to control the session.
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com