Hi I have a stupid question. Does Session continue when access a different web server in a different site? The think I am worrying is that: what if someone creates a jsp page on the local web server, then creates a session and all the input variables in it, then can he access to my servlet on my server with out login? I plan to use my login.jsp to create a session, then add "user" attribute to the session, then all my servlet and Jsp will check for the "user" Session attribute, if null, return to the login.jsp. But can someone creates the session and session attribute on his own server, then access my servlet without login? Thanks!