Invalidating the existing session and creating new session in servlets
This method may use different rules than On servers that don't support URL rewriting or have URL rewriting turned off, the resulting URL remains unchanged. Then it continues on to display the current session's ID, whether it is a new session, the session's creation time, and the session's last access time.Now here's a code snippet that shows a servlet redirecting the user to a URL encoded to contain the session ID: servlet shown in Example 7-7 uses most of the methods discussed thus far in the chapter to snoop information about the current session and other sessions on the server. Next the servlet displays whether the requested session ID (if there is one) came from a cookie or a URL and whether the requested ID is valid.
(The items you place in the session need to implement the interface to take advantage of this option.) See your server's documentation for details pertaining to your server.
Fortunately for us servlet developers, it's not always necessary for a servlet to manage its own sessions using the techniques we have just discussed.
The Servlet API provides several methods and classes specifically designed to handle session tracking on behalf of servlets.
All URLs emitted by a servlet should be run through this method.
This method encodes (rewrites) the specified URL to include the session ID and returns the new URL, or, if encoding is not needed or not supported, it leaves the URL unchanged.
Search for invalidating the existing session and creating new session in servlets:
In other words, servlets have built in session tracking.  Yes, we do feel a little like the third grade teacher who taught you all the steps of long division, only to reveal later how you could use a calculator to do the same thing.