Section 21.1 of the documentation may have been intended to be generic instructions on how to create custom injection, unfortunately HttpSession use-case could lead to PermGen error. If the current instructions are followed injection of HttpSession result in the creation of a new proxy class every time. This can lead to PermGen error unless jvm class unloading is enabled (UseConcMarkSweepGC/CMSClassUnloadingEnabled jvm args). While this may seem reasonable a better solution is to proxy the HttpSession object and create it in the RequestScope.
Change the documentation from this:
Note that WebComponentBinder class does the above for various request scoped objects (i.e. HttpServletRequest).