request and response objects are created by the
servlet runner and are provided to servlet coders as parameters on certain (very useful) methods like doGet and doPost. As such (and because the web is stateless) each request and response object are recreated each time the servlet is invoked.
The session is maintained in a different context than these objects, and is only encapsulated by the request object.
I think it's a mistake to link 'containment' with 'life-time'. Just because a request contains a reference to the session, doesn't mean the request lasts longer. In fact, its the opposite.