Paul Sturrock is right. To explain it furthur use the response.encodeURL() with every page link that you are sending as a response. E.g.
now what will happen is that your server will add a query string on the URL like this
In this way you will be able to recognize the requests coming from same clients. The server will manage this automatically i.e. it will automatically create a session based on the session ID provided in the query string.
Remember you must wrap each link that you send to the client where you want the session to remain alive. If any link is not encoded, clicking on that link will end that session.