Thursday, November 10, 2005

Session and sessionContext

In version 2.0 of the Servlet API, you could get hold of an HttpSessionContext object by calling getSessionContext() on an HttpSession. For example:

HttpSessionContext sessionContext = theSession.getSessionContext();

Although HttpSessionContext seems like a useful class for getting easy access to all client sessions, it appears Sun thought access to such private data was too easy. In version 2.1 of the Servlet API, Sun deprecated the HttpSessionContext class for security reasons, with no plans for a replacement. In short, steer clear of HttpSessionContext!
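
An added example, not code from the original post: an application that needs a narrow cross-session operation (an active-session count, a forced logout for one account) can track its own sessions with an HttpSessionListener (Servlet 2.3 and later) and expose only those operations, never the sessions or their IDs. The class name ActiveSessionRegistry and the "user" session attribute are assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical class; register it with a <listener> element in web.xml.
public class ActiveSessionRegistry implements HttpSessionListener {

    // Private on purpose: unlike HttpSessionContext, callers can never
    // enumerate session IDs or obtain another client's HttpSession.
    private static final Map<String, HttpSession> SESSIONS =
            new ConcurrentHashMap<String, HttpSession>();

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        HttpSession session = se.getSession();
        SESSIONS.put(session.getId(), session);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        SESSIONS.remove(se.getSession().getId());
    }

    // Narrow operation 1: how many sessions are live in this web application.
    public static int activeCount() {
        return SESSIONS.size();
    }

    // Narrow operation 2: forced logout. Invalidates every session whose
    // "user" attribute (assumed to be set at login) equals the given name.
    public static int invalidateFor(String username) {
        int invalidated = 0;
        for (HttpSession session : SESSIONS.values()) {
            try {
                if (username.equals(session.getAttribute("user"))) {
                    session.invalidate(); // container then calls sessionDestroyed
                    invalidated++;
                }
            } catch (IllegalStateException alreadyInvalid) {
                // Session expired between lookup and use; nothing left to do.
            }
        }
        return invalidated;
    }
}
```

Callers of invalidateFor() should themselves be restricted to administrative code paths, since it ends other users' sessions.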