Every open internet browser window is considered a session. When you add an attribute to an HttpSession object, it will be on a per user per screen basis. You do not have to do this manually.
The application scope (the
servlet context) is shared by all users. The session scope is per indivudual user and screen (sort-o-say) and not shared.
Scope can be a bit confusing at first. but there are a lot of good references on the internet to it. Hope this helps in some way.