To illustrate this requirement with an example: if a servlet uses the
RequestDispatcher to call a servlet in another Web application, any sessions
created for and visible to the servlet being called must be different from those visible
to the calling servlet.
I always assumed that RequestDispatcher can be used for forwarding only within the same web app. And if we need to redirect user's browser to another web app, we must use response.sendRedirect (but this is another story).
So, could someone comment on this? Is it really possible to forward to another web app using RequestDispatcher as stated in highlighted with red quote, or this is only hypothetical example? Maybe specification should be more clear in this section, and choose another example to demonstrate that session is not shared with other app contexts?
It's possible but, because a lot of the details were left out of the spec, it's not very portable.
If you're going to go down that road, you need to really test things in the containers you plan to support as certain things will be different from container to container.
From reading your quote, it looks like 3.0 clarifies some of these things.