But these rule is not applicable for get Servlet Context() method.
Critical data should always be saved to a permanent datastore (such as the database), and the session should be reserved for data caching and user management information.
This code example shows how to set and get variables stored in a session.
But when I originally wrote that blog code (back in 1999), I had no interest in tracking visitors (and I personally still don't).
Earlier this year I wrote an application for a client using JSF and JAAS, but unfortunately I don't remember if we did anything to access the servlet session.
Standard Wrapper Valve.invoke(Standard Wrapper Valve.java:214) at org.apache.