It's fine in the sidebar, you just need to understand the limitations of trying to hack tapestry to function outside of the normal request / response flow.
CometD requires that the HttpSession is created before the push occurs. Perhaps you could initialize your httpsession scoped list in the setup render of your page. Or better yet, your chat history etc could be stored in an IOC service (a singleton perhaps?) instead of storing in the HttpSession. Take a look at my ChatService example. You will most likely find that your code quality and scalability improves as you reduce HttpSession usage. As a rule, I rarely find it necessary to store any more than a userId in the HttpSession. Everything else is delegated to IOC services.
