Your understanding is correct. However I would like to add something
Whereas if the scope is defined as session for the bean, if a user
makes a request for a web page more than once, then on every request
same bean would be returned.
I would change it as “Whereas if the scope is defined as session for the bean, if a user makes a request for a web page more than once, then on every request same bean would be returned, as long as the requests are within the same user session and made from a client which is capable of maintaining the session (You can’t expect the curl to maintain the usersession unless you pass the cookie/session identifier header).“