VaadinSession vs WrappedSession

Q: Does storing attributes/data in the WrappedSession play nicely with access() session locking?

Background:

The VaadinSession.getCurrent().getSession() provides access to the underlying HttpSession (via a WrappedSession) whose attributes are stored within the HttpSession.

VaadinSession.getCurrent() provides access to a VaadinSession object whose attributes are stored within the VaadinSession separate from the underlying HttpSession.

I’m planning to have multiple servlets in my web app

  • VaadinServlet for ui
  • HttpServlet for REST (static content, data services, etc)

but I need to share session information between the two (eg, authentication state from UI, and downloadable content created as a result of UI activity), so I’m planning on storing all UI session data in the HttpSession object (VaadinSession.getCurrent().getSession()), rather than the VaadinSession object (VaadinSession.getCurrent()) so that UI activity info is available to the REST servlet(s).

I’m concerned that if I use the underlying HttpSession for all my session data that I might be creating concurrency/asynchronous problem with Vaadin’s session locking mechanisms.