Just to note: you're not getting responses because this is not your personal information service. Asking "How I do this" questions is not the way a developer does his thing, it's your job to figure that out. Doing a Google for "jsf 2 user authentication" will most likely yield some very interesting results...
Good luck, and feel free to drop back in once you have something specific that you need help with.
The session is used to store information for a single user that lasts longer than one request - that is indeed a good place to store SOMETHING that would identify the user as authenticated wouldn't you think?
I hope you know at least the bare basics of Java web development because if you do not it is simply pointless for you to ask for help - you can't be helped, you don't know the basics. You can at least partly remedy that by reading through this free online book:
Now say I'm just wrong and you do know some things - I'll just tell you what you should be searching for to do it "the right way": jee container managed security. Being able to implement that requires that you do know your stuff though and part of implementing it is specific to whatever server software you are using to configure some things, you're not going to do it only by copy pasting some code.
Of course doing a google for "java jsf authentication" may get you to some alternative scenarios that may be easier to understand for you. On that note I'm going to end this "how to google for stuff" session. Good luck!
Thanks for responding, My problem is not with the basics java web development, but the whole thing I learned and read is not structured enough in my mind so that I can get a clear image of the concept and understand exactly what I need.
once again thanks for help