...
This compliant solution stores the last parameter in the HttpSession object, which is provided as part of the HttpServletRequest. The servlet mechanism keeps track of the session, providing the client with the session's ID, which is stored as a cookie by the client's browser. The other information in the session, including the last attribute, are stored by the server. Consequently, the servlet provides the last value that was presented to the servlet in the same session (avoiding race conditions with requests from other sessions). The local variablevariables, which temporarily holds hold data in this example, is are not vulnerable to race conditions in the singleton.
...