HttpSession is just an interface specification, so no specific details are defined;
In the specific implementation of HttpSession, thread safety is considered. For example, all session attributes in Tomcat8 are stored in an independent ConcurrentHashMap;
Blindly locking and synchronizing the session will cause performance problems. When to lock the session actually depends on your specific needs.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
HttpSession is just an interface specification, so no specific details are defined;
In the specific implementation of HttpSession, thread safety is considered. For example, all session attributes in Tomcat8 are stored in an independent ConcurrentHashMap;
Blindly locking and synchronizing the session will cause performance problems. When to lock the session actually depends on your specific needs.