how can we cantrol session in java

what are the methods for controlling the java session in servlets ?

What do you mean by 'control' ? How are sessions created and deactivated ?

means how can we control session through cookies and url rewriting etc?

suppose server and client are talking to each other what are the ways by which we can control the session for continuing the conversation between client and server as i mentioned above.

i need some explanation regarding this methods.

Java;s tutorials are a great place to start - http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Servlets11.html

The abstract concept of a "session" or "conversation" is foreign to the HTTP protocol, which is designed for a one-shot request/response type of communication. Therefore a little help is needed.

In J2EE, an object called the HttpSession is constructed on the server. It contains the context for a user's conversation. For security and performance reasons, the HttpSession never leaves the server. However, since HTTP is one-shot, a hash key/magic-number/GUID-like string (the session ID) is passed back and forth between client and server on successive request/response requests so that continuity of communication can be maintained.

Under normal circumstances, this mechanism is completely automatic, and, in fact, it's perilous to attempt to wrest manual control over it. The server knows what it's doing and it may not always do what you think it's going to do, so leave that stuff alone and you'll have fewer support calls.

One thing that you do have to do manually, however, is ensure that any outgoing URLs that need to interact with the session are able to do so. As long as cookies are enabled, there's nothing you need to do. But if the app must be able to work for users who have cookies disabled, you need to use the URLEncode feature of J2EE to have the server rewrite your URL with a session id (jsessionid) attached.

Session control talks about Security .
how to contorl in webapplication:
Default Sessiontimeout 30 min
There is a diffrence
web application level we can maintain in mintues level
servlets level we can maintain seconds level
<web-app>

<Session-Config>
<Session-timeout>10min</Session-timeout>
</Session-Config>
</web-app>

servlet level we can maintain this method
public void SetMaxInactiveInterval(int seconds)

when you declare '0'&'-1' in webapplication it is never expires
when you declare '0' servlet level it is expire immedeately.
and '-1' never expires

Note:Once Session expires we are not allowed to call session methods violation leads to "IllegalStateException" but thid rule is not applicable to this methods

a)get CreationTime()
b)get AcessedTime()
c)get ServeltContext()

basically i want to understand that,if a request come from client side(browser) on server side we create a session(HttpSession ses=request.getSession();) the automatically a session_id has sent to client by web container but what happens when the cookies are disable from the browser,is rewriting url automatically done by web container(like tomcat) when the cookies are disable?
please explain me.....

is rewriting url automatically done by web container(like tomcat)

No

when the cookies are disable?

When a user chooses to disable them in the browser

Thanks,

But suppose a user disable the cookies from the browser then how can he keep in touch with server , i know for this url rewriting taken place but i want to know url rewriting will be written by programer in servlet. please give me the example to clarify this.

The link that I posted earlier has some information on URL rewriting using the encodeURL() method.

http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Servlets11.html