Scope of session object

Question

1)

As mentioned here,

HttpSession objects must be scoped at the application (or servlet context) level, where context is,

ServletContext context = request.getServletContext();

2)

HttpSession object is created per browser session, in tomcat memory.

-----------------------------------------------------------------

Am unable to relate above two points.

An application is collection of different servlets. A servlet spawn a thread per connection from every browser. Every jsp/servlet points to a version of session object that the browser points to.

How can a session object that is created per browser gets scoped at web application level?

score -1 · Answer 1 · answered Dec 26 '17 at 06:25

Session(or session id) is generated at server and transfer to browser through cookie or URL rewriting(when cookie is banned in browser).

In general, a session id is generated while user access the website. And after logging in, the server will change the session id for safety issues.

Session expired when:

(1)call session.invalidate()

(2)timeout configuration:

<session-config>
<session-timeout>xxx</session-timeout>
<session-config>

(3)Server restart(while the sessionid is saved in local cache)

Scope of session object

-----------------------------------------------------------------

1 Answers1