Server-side sessions can be implemented in two ways:
<c:url>consistently will achieve this.)
In practice, most browsers have cookies enabled, so most sessions are implemented by cookies. It's important to know that each cookie is attached to a domain, and nothing else. So, every time the browser interacts with that domain, the cookie is sent to that domain's server. In particular, for a given browser, the same cookie is sent for every tab/instance that interacts with that domain.
As a consequence, with a given client and browser (that has cookies enabled), there's no way to have multiple sessions at the same time. If the user has multiple accounts, and logs in a second time with a different account, on a different tab, then they are actually overwriting the first login. They have only one session, not two.