Quote:
Each time the request gets in, hibernate session is retrieved from http session, reconnect, and be assigned to threadloacl in servlet or filter
You need to implement some workaraund to make session thread safe,
user can click the same page twice without waiting the first request to complete (This problem was reported in forum too), frames, dynamic images (charts) can access session concurently, it is possible to prevent, but you must think about it on infrastructure level and it becomes "dangerous". It is very hard to find this kind of bugs, it depends on user input and UI changes can break session managemet.
Session level cache in httpsession is "dangerous" too,
if user closes browser before to complete "transaction" then you have a memory leak, it can produce problems on heavy load and it is amost inpossible to find the cause in production and can be hard to find in tests.
It is not very "bad" and it is possible to find solutions, but this kind of resouce management is "dangerous",
problems can be visible on heavy load and in production only (resource management depends on user input).
It is very easy to live without resouces like cache or connection in httpsession. I think it is a good way store session state on client (hidden form fields) It was very popular in CGI scripts, but it is a good way at this time too, It is more safe and not very hard to use. Hashtable in httpsession leaks memory too, but it is not so "dangerous" in practice if you store user input only without persistent state retrieved from db,
It is more easy to use than form fields on client.
[/quote]