Actuaaly I am not sure whether I am using sessions in my site correctly.
Wat I am doing is like this...
Whenever user logs in my site with username password I set his session as--
session.setAttribute(sessionname,anyvariable) here anyvariable is usually userid...
and in subsequent pages I extract that session variable as--
String session_name=session.getAttribute(sessionname) and this session_name is that anyvariable that I have set.
And if session_name is not null and session_name is equaly to that userid(in my case) then his session is true...
Well I just want to know does this implementation has any bugs???