Session is associated with user (to be specific - user visit to web application). When user open web application on browser, a session is created by web container. If required in logic manipulation in
java code, we can use this session object using HTTPSession methods. Once user browser is closed then session is terminated.
Application scope is associated with web application. As long as web application is deployed on web container, application scope is maintained. there is one application object which is accessible/shared to all users (whole application). If any variable is set in application, it will be accessible to all users (all
servlet code etc).
A session object is created per user visit (visit can contain multiple page requests). If there are 5 users accessing web application, then there will be 5 sessions. And this how we separate one user request from another user request (Amazon purchases in your example).
~ abhay
Oracle certified JPA Developer (1Z0-898),Oracle certified Java 8 Programmer I (1Z0-808), Oracle Java Web Service Developer (1z0-897), Oracle certified Java 7 Programmer, SCJA 1.0, SCJP 5.0, SCWCD 5.0, Oracle SQL Fundamentals I, CIW Certified Ecommerce specialist