HttpSession
is a high level interface built on top of cookies and url-rewriting, which means that there is only a session ID is stored in client side and the data associated with it is stored in server side.
Where is the HttpSession
data actually stored in the server side? In the JVM memory or somewhere else? Can I change the place where to store it, e.g. save them into an in-memory database?
If it's not in a database, is there any concurrency problem when many clients work on the same session data at the same time?