Forums Register Login
Is HTTPSession Serializable?
I am learning few concepts in servlets. And i came across this doubt. We used to send data over network using httpsession as below.

And get the data in JSP with below code

How ever i am not sure whether HTTPSession is serializable or not.

Can some one explain how HTTPSession works?

You aren't actually sending the session over the network in that example. JSPs are rendered on the server. Which is where the HttpSession is stored in memory.

HttpSession is sometimes serialized for "session persistence". This is used for failover between different servers. The answer to whether HttpSession is serializable is "maybe". It depends on the implementation. It also depends on what you put in the session. If you put in objects that aren't serializable, the session isn't going to be serializable.

Luckily, session persistence is a more advanced concept and you don't have to worry about it yet.
HttpSession objects are supposed to be managed by the server - you should not be messing with them outside of the standard servlet API.

If you need to move copies of collections of objects around the network, thats what the collection classes are for - HashMap for example. An HttpSession is just a collection plus management variables.

If you want more info on JSP, please read this article.

And, you should not be putting Java code in your JSP. That's an obsolete and outdate practice.
(1 like)
HttpSession is an interface, not a concrete class, which makes it inherently unserializable. That's also true of SQL Connection, despite some people's attempts to incorrectly stuff Connections into HttpSession.

Every webapp server's concrete implementation of HttpSession is likely to be different. So you'd have to obtain that server's concrete instance of HttpSession (via a cast) before you could even begin to think about serializing it. And there's no absolute guarantee that the concrete httpsession object class implements java.io.Serializable.

In practical terms, it's common for webapp server clusters to serialize sessions and pass them back and forth between server instances (VMs). And/or to cache them to disk in order to save RAM. But web applications shouldn't depend on this being the case. As William says, you shouldn't be playing with them directly.

Session objects are different. An HttpSession holds a Map of session name/value object pairs, accessed via the HttpSession get/setAttribute methods. Those session objects must implement java.io.Serializable. Some webapp servers will get very annoyed if you try and store a non-serializable object in a session attribute.
Thanks all for the information shared.
I'm gonna teach you a lesson! Start by looking at this tiny ad:
Rocket Oven Kickstarter - from the trailboss

This thread has been viewed 2232 times.

All times above are in ranch (not your local) time.
The current ranch time is
Jul 15, 2018 15:25:34.