As we know that the Http is a stateless protocol, means that it can't persist the information. It always treats each request as a new request.
In Http client makes a connection to the server, sends the request., gets the response, and closes the connection.
A session has unique identification and is created when a user enters into a web server with a request which continues till the user stays in the server or till session is timed out.
In session management client first make a request for any servlet or any page, the container receives the request and generate a unique session ID and gives it back to the client along with the response. This ID gets stores on the client machine.
Thereafter when the client request again sends a request to the server then it also sends the session Id with the request. There the container sees the Id and sends back the request.
The main goal is for the client and container to exchange the session ID info.
Session tracking the mechanism of identifying the session and finding out and setting different associated information with a session.