don't understand with behaviour with tomcat session

Hi all,
I have got a web application(on tomcat server) in which clients have to
be logged to enter. And I would like to create only new user's session
if user's authentification is successful (login/password correct). So,
normaly the number of users logged = number of tomcat's sessions.
In my webapps, I use a 'AuthenticationFilter' which implement Filter
java Class . When user fill his login and password and click button
'enter', I pass in function 'doFilter '

public class AuthenticationFilter implements Filter
{
       public void init(FilterConfig config) throws ServletException {}
       public void doFilter(ServletRequest req, ServletResponse
res,FilterChain chain) throws IOException, ServletException
       {
           HttpSession session =
(HttpServletRequest)req).getSession(false);
           //session is null, ok no problem
           HttpServletRequest request = (HttpServletRequest)req;
           //by casting req to HttpServletRequest, a session is created,
and I don't understand
           HttpSession session2 = request.getSession(false);
          //and now session2 is not null.
        }

     public void destroy() {}
}

I don't understand why when I do this : HttpServletRequest request
= (HttpServletRequest)req;
a new session is created, (I verified also in tomcat manager)
Has anybody already dealed with this problem?
I use eclipse too with wtp for debug.