difference between session and application scope at jsp

Application scope
Application scope is the broadest scope and should only be used when necessary. You can create objects bound at application level in JSPs that are not session-aware, so application scope is useful for storing information when using these types of JSPs. You can also use application-bound objects to share data among different sessions of the same application. When you no longer need objects bound to an application, you should explicitly remove them to free up memory resources.

Session scope
In my experience, session scope is more commonly used than application scope. Session scope allows you to create and bind objects to a session. You must create objects bound to the session in session-aware JSPs and make them available to all JSPs and servlets in the same session. Session scope is often used for managing security credentials and for managing state among multiple pages (such as in a Web-based wizard). As with application scope, objects bound to session scope should be explicitly removed when no longer needed. Also, I typically make classes serializable if I intend to bind their instantiations to the session scope.

example to observe how these scopes work http://java.sun.com/developer/onlineTraining/JSPIntro/exercises/Counter/index.html

It is pretty basic, Each time a browser accesses your web application for the first time a session is created... want it or not... this session doesn't mean anything unless you use it... but it would allow you to save data without a DB, text file or cookie, about the users interaction with your web application (site) while they moved through your site... as long as the browser remains open, and the server stays running and the browser sends at least 1 request to your application periodically that session remains in memory and any data stored there can be used by any other part of your application (within limits)... the limits are dependant upon the system, clustering and whether clustering of sessions is part of the design... but that is a whole separate issue...
Typically the default timeout for sessions, which is the period of time that must pass between requests from the client's browser, before the session data is automatically removed from memory is 30 minutes... Most Enterprise systems change this to 10 or 15 minutes depending upon the specific needs... Sessions, if used WILL use system resources which is why Enterprise systems will reduce the timeout setting... faster expiration of unused session memory means supporting more users on less hardware... which means REAL monetary savings...

OK, to understand all this you must understand the meaning of the phrases request, session, page, application etc... I assume you do, and not to be rude this is sometimes a bad assumption so if I explain too high or too low level for your particular needs then I am sorry...

page is like session but the data is limited to a specific page in the application rather than a specific user in the system.

application is like static information... like page it is NOT based on user in the application by is data that can be shared application wide...from anywhere inthe application by any and all users...
request is actually the default... which basically means that the data is available to any component used to service the given request... a request is a single transaction between client browser and server application...

I used "application" quite a bit, but you can substitute "site" for it comfortably if you like...

In Java Application Servers such as JBoss and Tomcat, etc. the browser will make a single request but the server may use MANY components to actually respond to that request...

request scope will share data between all the components which are used to create the final response... this is more of an issue for large scale robust systems and avoids each component having to access the DB for similar data or parsing the UR etc. for information it might need... it is also an easy way to pass information on to the next component without having access to function calls....

Page scope will make the data available to the given page, perhaps page hits is a common generic use, yet no REAL enterprise system I am aware of uses it for that... regardless of user

Application scope, like page, makes the data available across sessions and/or users and across pages... it becomes, basically a static variable... meaning one shared by everyone... you would NEVER want to use this for ANY personal data.... good for server uptime... tracking active users total site hits/second etc....

Session scope is most commonly used because it limits the data to the given user, it is accessible from any page in the system and will automatically be collected eventually, if the user walks away from their PC or just closes the browser without logging out...

Hello rgtaylor,
Thankyou for expalination on the difference between application scope,requestscope and session scope.It gave a much better undersanding where i could not get from book

thankyou
rookie446