In a JSP session object, why is there the restriction that any object put into the session must be a serialized object?

Stephen McConnell

Because many web servers will serialize the Session. If you can't serialize the objects stored in the session object, then you have lost the state of your session.

This is done to prepare for load balancing where the browser may be hitting multiple servers depending upon the load. The server will save the session to a common database; and when a user hits another server, it uses the session id to look in its cached sessions for that ID. If it isn't there, it looks in the database... So, load balancing is transparent to the user.

This is just one reason for having the objects in the session serialized...

The questions to ask yourself are:

  • Do I need to keep this information from request to request in the session?
  • Why would I need to serialize an object? What does it buy me?
  • Is my session stateful or stateless (which is a restatement of question 1)?

Hope this answers some of your questions.

Stephen McConnell
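
The following is an added example, not part of the original answer. It simulates in plain Java what a container does when it writes session attributes to a shared store and another server reads them back, and what happens when one attribute is not serializable. The names `SessionPersistDemo`, `Cart`, `DbHandle`, `persist` and `restore` are hypothetical, and an in-memory byte array stands in for the common database.

```java
import java.io.*;
import java.util.*;

public class SessionPersistDemo {
    // Serializable attribute: survives the trip through the shared store.
    static class Cart implements Serializable {
        private static final long serialVersionUID = 1L;
        final List<String> items = new ArrayList<>();
    }

    // Not Serializable: cannot be written out with the rest of the session.
    static class DbHandle {
        final String url = "jdbc:example"; // constructed placeholder value
    }

    // Stand-in for server A saving the session attributes to the common store.
    static byte[] persist(Map<String, Object> attrs) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new HashMap<>(attrs));
        }
        return buf.toByteArray();
    }

    // Stand-in for server B loading the session it found by session id.
    @SuppressWarnings("unchecked")
    static Map<String, Object> restore(byte[] data)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(data))) {
            return (Map<String, Object>) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new HashMap<>();
        Cart cart = new Cart();
        cart.items.add("book");
        session.put("cart", cart);

        // Every attribute is Serializable, so server B sees the same state.
        Map<String, Object> onServerB = restore(persist(session));
        System.out.println("restored: " + ((Cart) onServerB.get("cart")).items);

        // One non-serializable attribute makes the whole save fail.
        session.put("db", new DbHandle());
        try {
            persist(session);
        } catch (NotSerializableException e) {
            System.out.println("cannot save session: " + e.getMessage());
        }
    }
}
```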