Inspectopedia
 
2024.3

Non-serializable object bound to 'HttpSession'

Warning
New
Last modified: 03 December 2024

Reports objects of classes not implementing java.io.Serializable used as arguments to javax.servlet.http.HttpSession.setAttribute() or javax.servlet.http.HttpSession.putValue().

Such objects will not be serialized if the HttpSession is passivated or migrated, and may result in difficult-to-diagnose bugs.

This inspection assumes objects of the types java.util.Collection and java.util.Map to be Serializable, unless type parameters are non-Serializable.

Example: