How ever i am not sure whether HTTPSession is serializable or not.
Can some one explain how HTTPSession works?
Post by:Jeanne Boyarsky
You aren't actually sending the session over the network in that example. JSPs are rendered on the server. Which is where the HttpSession is stored in memory.
HttpSession is sometimes serialized for "session persistence". This is used for failover between different servers. The answer to whether HttpSession is serializable is "maybe". It depends on the implementation. It also depends on what you put in the session. If you put in objects that aren't serializable, the session isn't going to be serializable.
Luckily, session persistence is a more advanced concept and you don't have to worry about it yet.
Post by:William Brogden
HttpSession objects are supposed to be managed by the server - you should not be messing with them outside of the standard servlet API.
If you need to move copies of collections of objects around the network, thats what the collection classes are for - HashMap for example. An HttpSession is just a collection plus management variables.
And, you should not be putting Java code in your JSP. That's an obsolete and outdate practice.
Post by:Tim Holloway
HttpSession is an interface, not a concrete class, which makes it inherently unserializable. That's also true of SQL Connection, despite some people's attempts to incorrectly stuff Connections into HttpSession.
Every webapp server's concrete implementation of HttpSession is likely to be different. So you'd have to obtain that server's concrete instance of HttpSession (via a cast) before you could even begin to think about serializing it. And there's no absolute guarantee that the concrete httpsession object class implements java.io.Serializable.
In practical terms, it's common for webapp server clusters to serialize sessions and pass them back and forth between server instances (VMs). And/or to cache them to disk in order to save RAM. But web applications shouldn't depend on this being the case. As William says, you shouldn't be playing with them directly.
Session objects are different. An HttpSession holds a Map of session name/value object pairs, accessed via the HttpSession get/setAttribute methods. Those session objects must implement java.io.Serializable. Some webapp servers will get very annoyed if you try and store a non-serializable object in a session attribute.