I tried to disable session in jsp like this:
<%@ page session="false" contentType="text/html; charset=GBK" %>

then I checked the existence of session using following statement:

if(request.getSession(false)!=null)
log.info("session already existed");


it always returns "session already existed", anyone help me out?

Setting the session attribute of the <@ page %> directive to false does not prevent a session from being created (as you have discovered) - that is not its purpose. Setting it to false stops that particular page from "participating" in the session. If set to false, neither the session scope nor the implicit session variable are available to that JSP, or any elements in the page.

I do not know off hand (someone else may) of any way to prevent a session from being created (but it is not something I have ever researched since all the Web Applications I write are heavily session orientated). I would assume you are trying to prevent a session from being created to reduce memory usage? The best suggestion I would have is to set the <session-timeout> element in the Deployment Descriptor (i.e. the web.xml file) to 1 so a session that is created is destroyed after one minute.
<web-app> . . . <session-config> <session-timeout>1</session-timeout> </session-config> . . . </web-app>
Note, do not set to zero thinking that will prevent a session from being created; per the web-app_2_3.dtd:

"The session-timeout element defines the default session timeout interval for all sessions created in this web application. The specified timeout must be expressed in a whole number of minutes. If the timeout is 0 or less, the container ensures the default behavior of sessions is never to time out."
[ June 09, 2004: Message edited by: Mark Vedder ]

BTW, you could also set the session time out using the setMaxInactiveInterval() method of the HttpSession class. Note that this takes a timeout value measured in seconds, not minutes like the <session-timeout> element of the web.xml.