I don't think there is any other way.
Using Hidden Fields or URL re-writing would not only make it server independent but also programming language independent.
Also sessions have to be supported by all containers so it really is a container-independent - only problem that could occur using the httpSession object is if the user has turned of cookies.
jacob deiter wrote:I want to track the session but that stuff should not depend on any server implementation such as web sphere ,web logic ,jboss.so my session tacking is free from any particular server implementation.
This reasoning is illogical. To make your program implementation independent, use J2EE spec. J2EE is designed to make application implementation/provider independent. Just like JDBC programming in J2SE. JDBC client use standard api to connect to DB. You can change DB without chaning your code (If you did it correctly). So to make long story short use Seesion object available in Servlet container environemnt to make your application session aware. Don't woryy about how servlet container make it work and track the session. Container provide this service for free, use it. Don't put your effort to re-envent the wheel. Conatiner tries different strategy to keep track of session, you already mentioned all. For your information HTTP protocal is statless, lots of effort has gone to make the web application session aware. J2EE spec put this burdon on container provider, so application writer need not to worry about.
So why you want to invent an new way to track the session?