It is certainly possible to create your own "session" management - Just:
1. Define the class that does all you want, make it Serializable so the individual user sessions can be stored on disk or in a database.
2. On initial entry of your user, create an instance and give it a unique id
string that is also a valid file name and write it to disk
3. IF you want to use the servlet session mechanism at all, store the id in the user's session, otherwise use the cookie mechanism to ensure that every user request will contain the unique id.
4. On subsequent requests recover the serialized object, modify and re-write.
Add some caching and you will have duplicated the servlet session with your own code. An interesting programming exercise but probably not necessary.
Bill