Session-scoped and request-scoped objects are only allowed by Spring to exist in a web-aware Spring ApplicationContext container. If these objects are to be fetched in an AnnotationConfigApplicationContext or ClassPathXmlApplicationContext container, an IllegalStateException will be thrown.

In the case of a request-scoped bean, the validity of its life cycle depends on the duration of each request dispatch. This mode of transaction starts when the client accesses the handler method and ends when the views have received all transported objects from the request handler. Once the HTTP request cycle is completed, all request-scoped beans are destroyed.

Session-scoped beans live longer than request-scoped beans because all their properties are coterminous with a specific HTTP session in the application.

The SalaryGrade bean is injected as a WebApplicationContext.SCOPE_REQUEST bean and must always be proxyMode=ScopedProxyMode.TARGET_CLASS to avoid IllegalStateException. In XML-based containers, the injection can be done as:

<bean id="salaryGrade"  
 class="org.packt.dissect.mvc.model.data.SalaryGrade"  
 scope="request"> 
      <aop:scoped-proxy/> 
</bean> 

In the case of the Education bean, it is injected as WebApplicationContext.SCOPE_SESSION with proxyMode=ScopedProxyMode.TARGET_CLASS also. The XML equivalent of this injection is:

<bean id="education"  
  class=" org.packt.dissect.mvc.model.data.Education"  
  scope="session"> 
      <aop:scoped-proxy/> 
</bean> 

These two beans will be searched and injected into the BeanScopeController through the @Autowired annotation. This controller will first dispatch these objects to req_beans for rendition. Now, a hyperlink in req_beans will redirect all these beans to a separate view which is already the request dispatch transaction. From the image in Step 7, it is shown that the request-scoped SalaryGrade was instantiated a few seconds after clicking the hyperlink, whereas the session-scoped Education maintains its values and properties for the entire process.

Note that in order to use the session scope, you have to be using a web-aware Spring application context, such as WebApplicationContext. Otherwise, there's no way for the scoped proxy to reference a current session.

Lastly, do not be confused between @SessionAttributes and session-scoped beans because the former creates objects in the session, while the latter only uses the session as the basis of its object life cycle and nothing else.