Context
Simple Java EE 6 (JBoss AS 7.1) CRUD Web App, Using a @Named backing bean, @SessionScope of JSF pages:
Question
Why would be a bad idea to store the HTTP session stateon the CDI bean? For example, storing the shopping cart items right there.
Comments
SFSB are meant for this, due to their conversational state, but I've read that they are not easy to use in practice. Also I think that another option would be the HttpSession object.
I'm also aware about the passivation/activation advantage that they hold.
I think you are confused between "session" as used for the HTTP session and as used for a session with a specific bean (the stateful bean in this case).
They serve different purposes, but also overlap. Originally, the session with a SFSB was used for non-HTTP remote clients (Applets and Swing applications). In a way you could say it was the RMI equivalent of the HTTP session.
When there's already an HTTP session available, it doesn't make sense to use stateful session beans for this purpose, and you'd be better of by using HTTP session scoped beans.
Stateful session beans do have their uses though, for instance they're able to accommodate the extended persistence context and can keep e.g. (optimistic) locks open outside of transactions.
When used in a Java EE 6 web application, you'd often want to assign the stateful session bean an HTTP session scope. Otherwise, even though the bean has an internal session, it's not connected to anything but to the proxy you use to communicate with it.
Also see: