> This may (hopefully) have an obvious answer, but I was planning on putting a
> JCR Session in a server side (HTTP)session - for the duration of the users
> interaction with the app.
>
> a) is this a good/bad idea? (I don't have to worry about a massive number of
> concurrent users)
imo, this is ok for the time the user interacts with the repository.
it is even a requirement for example if the user fills out forms to
fillin the data and then 'saves' at the end.

> b) Session is not serializable - so this may cause some issues with some
> containers (I believe I can work around that anyway).
no it isn't since it is almost impossible to serialize the entire
transient state efficiently.

just make sure the jcr sessions get logged-out when they are not used anymore.

regards, toby
-- 
-----------------------------------------< tobias.bocanegra@day.com >---
Tobias Bocanegra, Day Management AG, Barfuesserplatz 6, CH - 4001 Basel
T +41 61 226 98 98, F +41 61 226 98 97
-----------------------------------------------< http://www.day.com >---