Sree,
The best practice is to put all business logic in servlets (or better yet, classes called by servlets) and not in JSPs. JSPs should be strictly presentation.
If you have data that needs to be shared by multiple JSPs in the same request,
you should store the data in the Request object as an attribute.
If you have data that needs to be saved across multiple http requests, store the data as an attribute in the Session object. Yes, the Session object is accessible by all JSPs and servlets that are executing for the given user/session.