I normally wouldn't store sessions in the DB, I'd keep them on the app server (or whatever kind of server it is that runs the repository system). A session is really just a glorified Map for each user. Assuming that there are persistent socket connections for each client, the server would effectively keep a Map<Socket, Map<
String,Object>> where all session maps are stored with the socket as the key to retrieve them.