You actually don't need to know how HTTPSession keeps state in order to use it.
*BASICLY* When a new session is created by a servlet (or any other
J2EE component) a reference is passed back to the client (in the form of a cookie or session id in the URL - which then gets sent back to the server (by the browser) on subsequent requests).
So you get a session like this:
HttpSession session = request.getSession();
Add stuff to a session like this:
HttpSession session = request.getSession();
session.setAttribute("something", "some text or an object");
Get stuff out of a session like this using a cast:
HttpSession session = request.getSession();
String text = (String) session.getAttribute("something");