Sessions are created on your behalf by the container. This happens automatically in JSP. All you need to do to work with the session is refer to it using the implicit 'session' object.
Using the newer Expresion Language (EL) you can refer to any scoped variable without knowing the scope to which it is bound.
JSP sessions and a login are not necessarily the same. Are you interested in writing your own authentication or are you planning to use container managed security? If you're writing it yourself, how are you "checking with the existing details"?