with the help of session, the container knows that the user is logged in, but is there a way the containers know about the details of the customer unless they are stored as an attribute in session context?
answer that you are looking for is : httpRequest.getUser
what is httpRequest.getUser;
request...is request object, getUser? no i don't get you.
there is a getUserPrincipal()that Returns a java.security.Principal object containing the name of the current authenticated user. If the user has not been authenticated, the method returns null
and also a request lasts only for a simple request-response cycle, everything that it has will be destroyed when the server sends the response, how come it stores the details of a customer unless he/she sends them through the request?