Thread safe Please help!!!

Which model is thread safe:
import javax.servlet.http.*;
Part 1:
public class SetUpAccount extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res) {
Account account = new Account();
req.getSession().setAttribute("Account", account);
......
req.getSession().getAttribute("Account");
}
}
PART 2
public class SetUpAccount extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res) {
Account account = new Account();
req.setAttribute("Account", account);
......
req.getAttribute("Account");
}
}
I think its part two.
Pleas help
Thanks
Deee

you are right, while request objects are threadsafe, session objects are not .
you can read this:
http://www.coderanch.com/t/164301/java-Web-Component-SCWCD/certification/Objective-Thread-Safety-Sesion-Object

You are terribly wrong!
In fact, request and response objects are not thread-safe.
You can see Servlet 2.4 specification SRV.2.3.3.3 Thread Safety.

part II is safe, because the object (attribute) is bound to the request. Each request will create a separate request object.
Actually part I is pretty safe too that the object (attribute) is bound to a session, and in practice there's only one user per session so a user can only make one request at a time, right? Forget about hacking/bot/etc

Anyway, part II is safer

A user can make more than one request at a time if:
- an application page uses <frame>s, or
- if it includes non-static images, and if the application requires access to the session object to serve those images.

Ron is correct. Additionally, at least with IE on Windows, it is possible for multiple browser windows to share cookies and therefore share sessions.
hth,
bear

Right -- in any browser, a user can "Open in New Window" multiple links, potentially causing multiple requests to run simultaneously in the same session.