Request scope only exists for the lifetime of a single request/response cycle. The session exists for the duration of a user session. Therefore request attributes are only available during a single request, while session attributes remain available for the duration of the session. you should use request in favor of session attributes when the attribute does not need to "live" beyond the scope of the current request. Session attributes, should be used for data that needs to be available across request boundaries. Btw, there is also an "application" scope whose attributes are available for the entire duration of the application and can be used for data that needs to be cross-request, but is not specific to a user session.