Do any object bound to an HTTP Session HAVE TO BE Serializable?
Even if the web App is not marked as Distributable???

I've stored objects in http sessions using tomcat, and got an NotSerializableException!!!

> Even if the web App is not marked as Distributable???
>
> I've stored objects in http sessions using tomcat, and got an NotSerializableException!!!

Yes they need to be serializable as the container might decide to swap the data to some store if the session is not busy and memory on the server is low .........

not sure what the servlet spec says, but...

using weblogic 7, we noticed some log messages warning us that it couldn't serialize certain objects in our session. however, as i understand it, weblogic was really just *trying* to serialize the object. if it couldn't, it would skip it and take the resource hit of having to keep the object in memory. but, in short, it worked fine even if the object wasn't serializable.

hopefully tomcat is just doing something similar...

-tim.

The servlet specification requires that all objects stored in the session be serializable.

you piqued my curiousity... if objects must be serializable, why not make the method signature setAttribute(String name, Serializable value)?

so i looked in the 2.3 spec... the applicable section is srv.7.7.2... and the gist is: the session *has* to accept serializable objects, but has the option of allowing other kinds of objects.

so, it sounds like you may find implementations that are more or less lenient.

-tim.