As I understand it, your concerns are about separation of the different users when storing things in the HttpSession.
The servlet container (for example Tomcat) takes care of this utilizing its JSESSIONID.
The story goes like this:

- User first logs onto website.
- Servlet container sets a COOKIE on the user's browser, storing a UNIQUE jsessionId.
- Every time the user hits the website, the JSESSIONID cookie is sent back.
- The servlet container uses this to keep track of who is who.
- Likewise, this is how it keeps track of the separation of data. Every user has their own bucket of objects uniquely identified by the JSESSIONID.

Hopefully that (at least partially) answers your question.
Cheers
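
The mechanism described in the answer above, as an added example that is not part of the original answer and is not Tomcat's code: a simplified model of a container's session store in plain Java 17+. The class and method names (`SessionStoreDemo`, `getSession`) and the sample values are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.HexFormat;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model of a servlet container's session store (hypothetical, not Tomcat's implementation).
public class SessionStoreDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // session ID -> that user's private "bucket" of attributes
    private final Map<String, Map<String, Object>> sessions = new ConcurrentHashMap<>();

    // What one request resolves to: the ID to send back as the cookie, plus the bucket.
    record Session(String id, Map<String, Object> attributes) {}

    // cookieValue is the JSESSIONID the browser sent, or null on a first visit.
    Session getSession(String cookieValue) {
        if (cookieValue != null) {
            Map<String, Object> bucket = sessions.get(cookieValue);
            if (bucket != null) {
                return new Session(cookieValue, bucket); // known ID: same bucket as before
            }
        }
        // No cookie, or an ID this server never issued: start a fresh, empty session
        // under a new random ID instead of adopting the value the client supplied.
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String id = HexFormat.of().withUpperCase().formatHex(raw);
        Map<String, Object> bucket = new ConcurrentHashMap<>();
        sessions.put(id, bucket);
        return new Session(id, bucket);
    }

    public static void main(String[] args) {
        SessionStoreDemo container = new SessionStoreDemo();
        // First visits: no cookie yet, so each browser is issued its own ID.
        Session alice = container.getSession(null);
        Session bob = container.getSession(null);
        alice.attributes().put("cart", "book");
        bob.attributes().put("cart", "laptop");
        // Later requests: each browser sends its cookie back and reaches only its own bucket.
        System.out.println("alice cart: " + container.getSession(alice.id()).attributes().get("cart"));
        System.out.println("bob cart:   " + container.getSession(bob.id()).attributes().get("cart"));
        // Constructed ID that was never issued: it maps to no existing bucket.
        String unknown = "0123456789ABCDEF0123456789ABCDEF";
        Session stranger = container.getSession(unknown);
        System.out.println("empty bucket: " + stranger.attributes().isEmpty());
        System.out.println("new ID issued: " + !stranger.id().equals(unknown));
    }
}
```

In this model the ID is the only thing that selects a bucket, so the separation holds only while each ID stays unguessable and known to a single browser.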