When dealing with HTTP, there is no permanent connection between a browser and a Web server. When the browser needs a page from the Web server, it opens a connection, retrieves the page, and then closes the connection. After that, the Web server has no idea what is happening on the browser. The browser could crash, or the entire client computer could be turned off, and the Web server would be oblivious.

Furthermore, when another connection is made, the Web server does not associate the new connection with any other that has been made in the past. In other words, HTTP is not session-oriented. Sessions allow an application to remember something about a client that persists between connections. JSPs have a notion of a session and, thus, can store information on the server using a single key that the client remembers.

<%@ page language="java" import="java.util.*" %>

////////////// get the login information:
  String userName = request.getParameter("username");
  String password = request.getParameter("password");

////////////// and save it in the session:

  session.setAttribute("username", userName);


    Welcome, <%=userName%>!
    <form action="..." method="get">