Limit is the size of your computers physical memory.you dont store dynamic values in session because someone can modify them in the meanwhile , so store only those values in session which represent any user specific data or static values (i.e. which are not going to be changed while session exists).

Note : static here is not static keyword .

It's your size of the internal/physical memory of the system. The session is create a singleton class in your war file.The war file is stored in your Server. The server is in your C: folder in windows. So the session is depends on your physical memory.

There's no limit. The session in Struts 2 is implemented as a Map to simplify access to servlet session's attributes.

I have written in this answer:

The SessionMap is specifically designed for the purposes if you want to have access to the servlet session attributes. So, the user is able to keep a synchronized collection of objects in session and use it instead of HttpSession directly.

I know only one disadvantage if you get the session from the action context, it might return null. The solution is in this answer.

There are two methods to obtain a session map to the action:

1. Implement SessionAware. By default the session map is populated on action call. This is a preferable way.
2. Get a session map from the action context. This way you should make sure the request is handled by the Struts2 filter.

The first method is preferred, as explained in the docs page, allows you use a session in tests.