Some [random] precisions:

一些 [随机] 精度：

1. You don't need login/logout mechanisms in order to have sessions.
2. In java servlets, HTTP sessions are tracked using two mechanisms, HTTP cookie (the most commonly used) or URL rewriting (to support browsers without cookies or with cookies disabled). Using only cookies is simple, you don't have to do anything special. For URL re-writing, you need to modify all URLs pointing back to your servlets/filters.
3. Each time you call request.getSession(true), the HttpRequestobject will be inspected in order to find a session ID encoded either in a cookie OR/AND in the URL path parameter (what's following a semi-colon). If the session ID cannot be found, a new session will be created by the servlet container (i.e. the server).
4. The session ID is added to the response as a Cookie. If you want to support URL re-writing also, the links in your HTML documents should be modified using the response.encodeURL()method. Calling request.getSession(false)or simply request.getSession()will return null in the event the session ID is not found or the session ID refers to an invalid session.
5. There is a single HTTP session by visit, as Java session cookies are not stored permanently in the browser. So sessions object are not shared between clients. Each user has his own private session.
6. Sessions are destroyed automatically if not used for a given time. The time-out value can be configured in the web.xmlfile.
7. A given session can be explicitly invalidated using the invalidate()method.
8. When people are talking about JSESSIONID, they are referring to the standard name of the HTTP cookie used to do session-tracking in Java.

1. 您不需要登录/注销机制来进行会话。
2. 在 Java servlet 中，使用两种机制跟踪 HTTP 会话：HTTP cookie（最常用）或 URL 重写（以支持没有 cookie 或禁用 cookie 的浏览器）。仅使用 cookie 很简单，您无需做任何特别的事情。对于 URL 重写，您需要修改所有指向您的 servlet/过滤器的 URL。
3. 每次调用 时request.getSession(true)，HttpRequest都会检查该对象，以便在 URL 路径参数（分号后面的内容）中找到在 cookie 中 OR/AND 编码的会话 ID。如果找不到会话 ID，servlet 容器（即服务器）将创建一个新会话。
4. 会话 ID 作为 Cookie 添加到响应中。如果您还想支持 URL 重写，则应使用该response.encodeURL()方法修改 HTML 文档中的链接。如果未找到会话 ID 或会话 ID 指代无效会话，则调用request.getSession(false)orrequest.getSession()将返回 null。
5. 有一个单一的HTTP会话访问，如Java会话Cookie不会在浏览器中永久保存。因此会话对象不会在客户端之间共享。每个用户都有自己的私人会话。
6. 如果在给定时间内没有使用会话，会话将自动销毁。超时值可以在web.xml文件中配置。
7. 可以使用该invalidate()方法显式地使给定会话无效。
8. 当人们谈论 时JSESSIONID，他们指的是用于在 Java 中进行会话跟踪的 HTTP cookie 的标准名称。

I suggest you read a tutorialon Java sessions. Each user gets a different HttpSession object, based on a JSESSIONID request/response parameter that the Java web server sends to the browser. So every user can have an attribute with the same name, and the value stored for this attribute will be different for all users.

我建议您阅读有关 Java 会话的教程。每个用户根据 Java Web 服务器发送到浏览器的 JSESSIONID 请求/响应参数获得不同的 HttpSession 对象。所以每个用户都可以有一个同名的属性，并且为这个属性存储的值对于所有用户来说都是不同的。

Also, WebContextFactory and WebContext are DWR classes that provide an easy way to get the servlet parameters.

此外，WebContextFactory 和 WebContext 是 DWR 类，它们提供了一种获取 servlet 参数的简单方法。

As I understand it, your concerns are about separation of the different users when storing things in the HttpSession.

据我了解，您担心的是在 HttpSession 中存储内容时分离不同的用户。

The servlet container (for example Tomcat) takes care of this utilizing its JSESSIONID.

servlet 容器（例如 Tomcat）利用其 JSESSIONID 处理此问题。

The story goes like this :

故事是这样的：

1. User first logs onto website.
2. Servlet container sets a COOKIE on the user's browser, storing a UNIQUE jsessionId.
3. Every time the user hits the website, the JSESSIONID cookie is sent back.
4. The servlet container uses this to keep track of who is who.
5. Likewise, this is how it keeps track of the separation of data. Every user has their own bucket of objects uniquely identified by the JSESSIONID.

1. 用户首先登录网站。
2. Servlet 容器在用户浏览器上设置一个 COOKIE，存储一个 UNIQUE jsessionId。
3. 每次用户访问网站时，JSESSIONID cookie 都会被发回。
4. servlet 容器使用它来跟踪谁是谁。
5. 同样，这就是它跟踪数据分离的方式。每个用户都有自己的由 JSESSIONID 唯一标识的对象桶。

Hopefully that (at least partially) answers your question.

希望（至少部分）回答您的问题。

Cheers

干杯

Your basic servlet is going to look like

你的基本 servlet 看起来像

public class MyServlet{

public doGet(HttpServletRequest req, HttpServletResponse res){
//Parameter true: 
//    create session if one does not exist. session should never be null 
//Parameter false: 
//    return null if there is no session, used on pages where you want to 
//    force a user to already have a session or be logged in
//only need to use one of the two getSession() options here. 
//Just showing both for this test
HttpSession sess = req.getSession(true);
HttpSession sess2 = req.getSession(false); 

//set an Attribute in the request. This can be used to pass new values
//to a forward or to a JSP
req.setAttribute("myVar", "Hello World");
}

}

There is no need to set any attribute names for your session that is already done. As others have suggested in other answers, use cookies or URL re-writing to store the sessionID for you.

无需为已经完成的会话设置任何属性名称。正如其他人在其他答案中所建议的那样，使用 cookie 或 URL 重写来为您存储 sessionID。

When you are dealing with the DWR WebContext, it is simply doing the same thing as above, just normally the Request object isn't passed into the method, so you use the WebContext to get that request for you

当您处理 DWR WebContext 时，它只是在做与上面相同的事情，只是通常不会将 Request 对象传递到方法中，因此您可以使用 WebContext 为您获取该请求

public class DWRClass {
 public doSomething(){
WebContext ctx = WebContextFactory.get();
HttpServletRequest req = ctx.getHttpServletRequest();
HttpSession sess = req.getSession(); //no parameter is the same as passing true

//Lets set another attribute for a forward or JSP to use
ArrayList<Boolean> flags = new ArrayList<Boolean>();
req.setAttribute("listOfNames", flags);
}
}