I am debugging a web application, where each logged in user has a "session variable map" implemented in a simple Spring session scoped bean that has a session scoped HashMap bean injected. Originally these beans were in the main webapplication's servlet context, but later they were put into a different web service (!) and are accessed via one of Spring's remoting techniques, RMI, HttpInvoker and Hessian can be choosed in property files. The application still works with several users, non-clustered, Weblogic 10.3.
My question is: why does it work? I think session scoped beans should work only in the same webapplication, that receives the HTTP request. How can the "session" propagate through the RMI invokation?
My theory:
The remoting client is session-scoped as well. That way there will be exactly one remote session for every local session (as long as the client is not stateless)