Servlets/JSPs don't need to serialize any of your objects to communicate with a browser. Your session, request, context, and page objects live only on the server.
There are times however when a container will want to serialize your session scoped variables.
Tomcat, for instance, uses serialization to preserve sessions over webapp reloads and server restarts. Also, if you are using clustering, Tomcat will serialize your session data in order to replicate it on each of your cluster nodes.
Other containers behave similarly.
For this reason, it is a good idea to make sure that any object you bind to session implements serializable. Also, make sure that any object contained by a session scope object implements serializable. Most of the collection objects provided by
Java implement serializable but things like Iterator, file handles, ResultSets, etc, can not be made serializable. If you try to store one of these things in session, the container will not be able to serialize your sessions and you will loose features like session replication, and the ability to persist sessions across application restarts.