Where Vaadin stores the bulk data

I am trying to understand how Vaadin works. From the implementation I could understand that the request response is using JSON along with a session ID (GUID). I understand that the whole data is not passed to the client side (Browser) and make the DOM heavy and is also not hitting the API for each and every action or lazy loading of data. I like to know where the data is stored on the server side.

Thank you,

In the components basically. The server side has to have the entire state of the application so that it could rebuild the UI if it had to (in cases where you use @PreserveOnRefresh in Vaadin7, and in every app in Vaadin6 where a refresh doesn’t create a new session).

So, user session has an reference to the ui, ui, has a reference to the content (usually a component container like VerticalLayout), component containers have a list of components within it, all the way to simple components. In Vaadin 7 style components, all the info on the component should be accessible in their state object, for example Button stores all the info into ButtonState, which gets sent over to the client side as well - to ButtonConnector.

Only a few components have been rewritten to use the new way of building widgets in Vaadin 7. Those that pop into my mind directly is Label, Button, HoriziontalLayout and VerticalLayout. The others uses the Vaadin 6 way, where every time there is any communication between server and client, everything gets sent over to one single method, which then parses all the info from there and either renders the widget for the first time or updates the widget to the new state if it was already rendered.

Maybe this
in Book of Vaadin might shed some light on this.

Hope that helps to understand.

The server-side state (basically the component tree and various metadata) is contained in a VaadinSession instance, which itself is stored in the backing session instance provided by the server: either HttpSession in case of a servlet or PortletSession with a portlet.

The HttpSession (or PortletSession) is identified by the server (servlet/portlet container) using the regular Java mechanism, in the former case by the JSESSIONID cookie. The UUID passed along with Vaadin JSON requests is an additional token designed to protect against cross-site request forgery attacks (implementing the
Double Cookie Submission