In any Java servlet container, such as Apache Tomcat, the javax.servlet.http.HttpServlet class is a singleton class (see MSC07-J. Prevent multiple instantiations of singleton objects for information related to singleton classes). Consequently, any fields in a subclass are only instantiated once, just like any static fields. A common mistake is to use fields in this class to store information specific to individual clients. ThereforeBecause this information can leak to other users, classes that inherit from HttpServlet must not contain non-static fields.
...