On 14/05/2020 16:48, Christopher Schultz wrote:
> All,
> I'm interested in the history of the StandardSession.writeObjectData
> method. I've been looking at it lately because I'm interested in
> possibly (optionally) encrypting the sessions in the backend session
> store. But this isn't about encryption at all.
> The code for StandardSession.doWriteObject(ObjectOutputStream stream)
> looks like this:
>         // Write the scalar instance variables (except Manager)
>         stream.writeObject(Long.valueOf(creationTime));
>         stream.writeObject(Long.valueOf(lastAccessedTime));
>         stream.writeObject(Integer.valueOf(maxInactiveInterval));
>         stream.writeObject(Boolean.valueOf(isNew));
>         stream.writeObject(Boolean.valueOf(isValid));
>         stream.writeObject(Long.valueOf(thisAccessedTime));
> Is there any reason we are writing object wrappers for these primitive
> members instead of just writing the primitives directly?

That code goes all the way back to at least Tomcat 3.1.x (20+ years ago).

> It turns out that the byte stream is identical whether one uses
> objects or primitives,

That surprises me. Looking at the JRE source code it really surprises
me. So much that I am going to go and try it for myself.

One reason we might want to stick with writing objects is to support
sessionAttributeValueClassNameFilter. I'm only going from reading the
source so I could easily have missed something but it looks like that
will only work if we write/read objects.


To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to