Hi Dhilip,
Unfortunately I am unable to answer 1 and 2, beyond "the session store is used during identity validation."
However, the main point of this post is to suggest that for "Actually, my third query is that why can't CA use something like push/pop of session (instead of using session store)?", can I suggest you log an idea for this?
Thanks and regards,
Simon Naunton