一、規范中的SESSION描述

（PortletSession objects must be scoped at the portlet application context level. Each portlet application has its own distinct PortletSession object per user session. The portlet container must not share the PortletSession object or the attributes stored in it among different portlet applications or among different user sessions.）
上面這段話是portlet規范里的一段。很明白的可以看出，每個Portlet Application應該在Process Action和Render的時候應該擁有自己私有的Session對象，來為當前用戶服務。也就是說，如果某一個用戶在一個PORTAL系統中操作不同的PORTLET，而且這些PORTLET屬于不同的PORTLET APPLICATION，則，這個用戶將操作多個SESSION對象，用戶在每個PORTLET中操作SESSION時，這個SESSION都將是屬于該PORTLET所在的上下文的私有SESSION 對象。比如，用戶當前頁面有三個PORTLET，每個PORTLET都屬于不同的PORTLET APPLICATION。則當該用戶在第一個PORTLET里面有對SESSION的操作后，該PORTLET所屬的APPLICATION將為這個用戶生成一個SESSION；當該用戶又操作第二個PORTLET中的SESSION時，該上下文有會對此用戶產生一個新的SESSION對象；第三個依然如此。加上PORTAL系統的SESSION，也就是該用戶實際和四個SESSION在大交道。

另外要說明一點的是，PORTLET APPLICATION和WEB APPLICATION的關系。規范中有如下的定義：
（Portlets, servlets and JSPs are bundled in an extended web application called portlet application. Portlets, servlets and JSPs within the same portlet application share class loader, application context and session. ）
這說明PORTLET APPLICATION其實就是一個WEB APPLICATION。規范中還有一段話更是說明了這個問題，同時也強調了PORTLET SESSION 和普通的該APPLICATION的SESSION的關系：
（A Portlet Application is also a Web Application. The Portlet Application may contain servlets and JSPs in addition to portlets. Portlets, servlets and JSPs may share information through their session. The PortletSession must store all attributes in the HttpSession of the portlet application. A direct consequence of this is that data stored in the HttpSession by servlets or JSPs is accessible to portlets through the PortletSession in the portlet application scope. Conversely, data stored by portlets in the PortletSession in the portlet application scope is accessible to servlets and JSPs through the HttpSession. If the HttpSession object is invalidated, the PortletSession object must also be invalidated by the portlet container. If the PortletSession object is invalidated by a portlet, the portlet container must invalidate the associated HttpSession object.）

最后一點要說明的是怎樣得到PORTLET SESSION對象。規范中有這樣一個例子：
PortletSession session = request.getSession(true);
URL url = new URL(“http://www.foo.com“);
session.setAttribute(“home.url”,url,PortletSession.APPLICATION_SCOPE);
session.setAttribute(“bkg.color”,”RED”,PortletSession.PORTLET_SCOPE);