- Application - i.e. all data that is persistent to the whole web server process (like configuration)
- Session - i.e. data saved into the session variables (there is an opinion, and I mostly subscribe to it, that you should keep that minimal).
- Request - i.e. the data you receive from the web client and that you send back to it
An example of framework that does not respect this division is known to everyone - it's Catalyst - fortunately the app/context split is mostly done.
Acknowledgements: Stevan thanks for the web apps scope break down :)