It is pretty basic, Each time a browser accesses your web application for the first time a session is created... want it or not... this session doesn't mean anything unless you use it... but it would allow you to save data without a DB, text file or cookie, about the users interaction with your web application (site) while they moved through your site... as long as the browser remains open, and the server stays running and the browser sends at least 1 request to your application periodically that session remains in memory and any data stored there can be used by any other part of your application (within limits)... the limits are dependant upon the system, clustering and whether clustering of sessions is part of the design... but that is a whole separate issue...
Typically the default timeout for sessions, which is the period of time that must pass between requests from the client's browser, before the session data is automatically removed from memory is 30 minutes... Most Enterprise systems change this to 10 or 15 minutes depending upon the specific needs... Sessions, if used WILL use system resources which is why Enterprise systems will reduce the timeout setting... faster expiration of unused session memory means supporting more users on less hardware... which means REAL monetary savings...
OK, to understand all this you must understand the meaning of the phrases request, session, page, application etc... I assume you do, and not to be rude this is sometimes a bad assumption so if I explain too high or too low level for your particular needs then I am sorry...
page is like session but the data is limited to a specific page in the application rather than a specific user in the system.
application is like static information... like page it is NOT based on user in the application by is data that can be shared application wide...from anywhere inthe application by any and all users...
request is actually the default... which basically means that the data is available to any component used to service the given request... a request is a single transaction between client browser and server application...
I used "application" quite a bit, but you can substitute "site" for it comfortably if you like...
In Java Application Servers such as JBoss and Tomcat, etc. the browser will make a single request but the server may use MANY components to actually respond to that request...
request scope will share data between all the components which are used to create the final response... this is more of an issue for large scale robust systems and avoids each component having to access the DB for similar data or parsing the UR etc. for information it might need... it is also an easy way to pass information on to the next component without having access to function calls....
Page scope will make the data available to the given page, perhaps page hits is a common generic use, yet no REAL enterprise system I am aware of uses it for that... regardless of user
Application scope, like page, makes the data available across sessions and/or users and across pages... it becomes, basically a static variable... meaning one shared by everyone... you would NEVER want to use this for ANY personal data.... good for server uptime... tracking active users total site hits/second etc....
Session scope is most commonly used because it limits the data to the given user, it is accessible from any page in the system and will automatically be collected eventually, if the user walks away from their PC or just closes the browser without logging out...
