tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Do objects in session always need to be serializable?
Date Wed, 20 Apr 2011 14:41:42 GMT
Hash: SHA1


On 4/20/2011 1:41 AM, Mukarram Baig wrote:
> We are using tomcat in a non-clustered environment. We put certain
> domain objects in the session [...]. The domain
> objects are not serializable.

No problem: there is no requirement that session objects be serializable
unless your webapp is marked <distributable /> in web.xml. I suspect
that Tomcat might complain if you put an object into a distributable
webapp's session that does not implement Serializable.

> We have randomly seen NullPointerExceptions
> thrown when accessing properties of these domain objects via the session.

You need perform null-checking when accessing session objects. :)

> I
> had read about Tomcat deciding to serialize sessions when it thinks that the
> available memory is getting tight on some forum (

This has to do with Tomcat restarting a webapp, not due to low-memory

> but couldn't see the same in the servlet spec or documentation on tomcat's
> site.

You have to read between the lines a bit, here: the default Manager
implementation persists sessions across webapp restarts using a file
that defaults to "SESSIONS.ser" and standard Java serialization. Any
session objects that are not Serializable will cause the session to fail
to write to that file, and may possible corrupt the file causing all
sessions to be lost.

> If yes, under what
> (approximate) conditions does tomcat decide to serialize sessions to disk
> and back?

During a webapp restart, unless you have configured another Manager
implementation. I suspect not, since you haven't mentioned anything like

> Overall, is the recommended approach to always make objects in the
> session serializable?

I wouldn't worry about it unless you

a) intend to do distributable in the future
b) want to persist sessions across webapp restarts

> Also, wouldn't it be great if a better exception like
> NotSerializableException be thrown rather than the user stumbling over null
> values and NPE's being thrown?

You are probably getting both: NSE on the way out and NPE after your
webapp starts up again and tries to read an empty session. Check your
log files, especially catalina.out.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message