Welcome to CodeRanch!
Spring will only create one instance of a bean with the
Singleton scope for the lifetime of the Spring container. That means if you inject a
UserLogin for two different user sessions during the same lifetime of the application, both will have the same
UserLogin instance injected.
Singleton- or application-scoped beans must be stateless. They are initialized once, and their state should not change afterwards. The reason is that these beans are shared between different, possibly concurrent requests. If you make them stateful, you need to synchronize between requests, which causes a huge performance hit.
Request- and prototype-scoped beans can be stateful, since they are only ever handled by one
thread. At least... you're not spawning new threads from your requests, are you?
Session-scoped beans are tricky. They're typically stateful because you use them to keep track of information between separate requests, but because they can be accessed by multiple requests concurrently, you have to make them thread-safe. Since you only synchronize between requests belonging to the same session, the performance overhead is not a big issue.