Thanks Ben, With cookie and Url paramter we can maintain session indirectly. But my query is as Http is a staless protocol then how does we can maintain a sesion by setting values in HttpSession, then how does in this HTTP protcol handle it.
Yes, HTTP is stateless. That means the server has to check for a sessionId in every request that comes in (either as a cookie header or as a url parameter). If it finds one, it checks to see if there is an object, stored in session, with a matching id. If not, then it creates a new object and sends the ID back to the browser in the response.
The HTTP protocol doesn't handle it. The servlet container mimicks a stateful session with this technique.