1)
As mentioned here,
HttpSession
objects must be scoped at the application (or servlet context) level, where context is,
ServletContext context = request.getServletContext();
2)
HttpSession
object is created per browser session, in tomcat memory.
-----------------------------------------------------------------
Am unable to relate above two points.
An application is collection of different servlets. A servlet spawn a thread per connection from every browser. Every jsp/servlet points to a version of session object that the browser points to.
How can a session object that is created per browser gets scoped at web application level?