Heh...I think this is what earlier posts were warning about, especially with regards to my snide little comment about HttpSessions - this conversation can go into many wild directions, and now we're getting into Session performance.
I'm a WebSphere Dude, and I know that every Friday I'd run my application through Resource Monitor which can tell you how many objects are in your sessions, and how big those objects are. I always like to keep an eye on those things.
Programatically, you can use an HttpSessionBindingListener (I think that's it) to fire off every time an object is placed in a session. You can run a routine here that can loop through all the objects stuffed inside a users session, and inspect them any way you might instapce a normal chunk of
Java code. The great thing about the listener is it can be enabled when you want it to be, and removed when you want it to. Aren't pluggable interfaces great?
As far as overcoming HttpSession bloat? You really have to know WHY your sessions are becomming bloated, and why it's a performance issue. Sometimes, this forces you to do bad things, like code based on how your hardware does session management, which is an absolutely awful thing to do.
One "design pattern" I see is people taking large data that would go into an HttpSession and using a temporary database table. This eliminates the use of the Session service to store the temp data, and allows the developer to control access. But again, this is a slippery slope - the whole point of the HttpSession is to stop developers from having to do this. Sometimes though, for performance reasons, it's a must.
See - I told you HttpSession objects were a problem issue.
[ August 28, 2006: Message edited by: Bear Bibeault ]