The life of a session is upto the life time of a browser and it also the session time out set in the DD. If the client uses multiple Internet Explorer, they will be getting different session provided the browser is not opened using ctrl+n or File>> New >> window.
In context od multiple windows here is the quote from the servlet spec. How the session are treated is depend on the browser processes.
Due to the fact that cookies or SSL certificates are typically controlled by the Web browser process and are not associated with any particular window of the browser, requests from all windows of a client application to a servlet container might be part of the same session. For maximum portability, the Developer should always assume that all windows of a client are participating in the same session.
Closing or terminating windows will not terminate the session. It will still live in the app server. Some servlet container even preserve the session objects , though the server is crashed or restarted. Here is quote from servlet spec.
In the HTTP protocol, there is no explicit termination signal when a client is no longer active. This means that the only mechanism that can be used to indicate when a client is no longer active is a timeout period.
When i stored an object in the session , it was still available in my new browser created through ctr+N, but when i used the same URL in a new browser that same object which i had stored in the session is not visible.
As stated in the Spec i think it depends on the browsers way of handling the session.For IE when we open a new window using ctrl+N the browser will copy whatever session in the current browser to the newly opened browser.
Whereas it won't copy over the same when we open a new window.
SRV.7.1.1 Cookies Session tracking through HTTP cookies is the most used session tracking mechanism and is required to be supported by all servlet containers.
The container sends a cookie to the client. The client will then return the cookie on each subsequent request to the server, unambiguously associating the request with a session. The name of the session tracking cookie must be JSESSIONID.