I would like to clarify the concept of thread safe about session and request scope, if I am wrong, please feel free to tell me.
For session, it is non-thread safe because if 2 threads, tA1 and tA2, access same servletA simutanously, the session object comes from both request and is refered by both reference. So both reference refer to the same session object.
For request, it is thread safe because when tA1 and tA2 access same servletA, both request will be generated from servlet container and pass to the service method of servletA. So both reference of request refer to different request object.
Am I right?
Thanks in advance!
Multiple requests might access the same session, that is why session is not thread safe. While at any given time, only one thread can process one request, even if it forwards to a different servlet/jsp, they share the same attributes that are in scope of request.
Originally posted by Jack Lau:
um, I still do not understand that if request 1 and request 2 are coming from different clients, client 1 and client 2 respectively, they actually have different session (e.g. different session id). So the objects in session scope should be thread safe?
objects in session scope are NOT thread safe, you can have SEVERAL *browser instances* running on the same machine having same session ID cookies, thus participating in the same session.
How to emulate this situation is described here.