Do objects stored in a HTTP Session need to be serializable? Or can it store any object?

Alex Chaffee

Yes, the objects need to be serializable, but only if your servlet container supports persistent sessions. Most lightweight servlet engines (like Tomcat) do not support this. However, many EJB-enabled servlet engines do.

Even if your engine does support persistent sessions, it is usually possible to disable this feature. Read the documentation for your servlet engine.

Note that this means that a JDBC Connection should not be stored in a session, however convenient that would be. You can put it in an application scope variable, or in a "transient" field of a private class. Read the docs for the Serializable interface to learn more.