Abstract
To maintain users' sessions through web browsers, a web server needs facilities for authenticating users and managing their information. Those facilities enable a web server to keep the states of the users, providing services distinguished by the states. As of now, those facilities are provided through non-standardized technologies, leading to the repeated development of similar functionalities through many web programers. In this paper, to solve the problem, we define a new session class containing the information on a user, and present a design and implementation of the Java servlet classes which supply the facilities for authenticating users, managing their sessions, and controling web services according to the groups they belong to. These servlet classes work on any web servers supporting Java servlet such as JavaServer, Apache, and IIS.