-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 5/14/20 12:53, Mark Thomas wrote: > On 14/05/2020 17:46, Mark Thomas wrote: >> On 14/05/2020 16:48, Christopher Schultz wrote: >>> All, >>> >>> I'm interested in the history of the >>> StandardSession.writeObjectData method. I've been looking at it >>> lately because I'm interested in possibly (optionally) >>> encrypting the sessions in the backend session store. But this >>> isn't about encryption at all. >>> >>> The code for StandardSession.doWriteObject(ObjectOutputStream >>> stream) looks like this: >>> >>> >>> // Write the scalar instance variables (except Manager) >>> stream.writeObject(Long.valueOf(creationTime)); >>> stream.writeObject(Long.valueOf(lastAccessedTime)); >>> stream.writeObject(Integer.valueOf(maxInactiveInterval)); >>> stream.writeObject(Boolean.valueOf(isNew)); >>> stream.writeObject(Boolean.valueOf(isValid)); >>> stream.writeObject(Long.valueOf(thisAccessedTime)); >>> >>> >>> Is there any reason we are writing object wrappers for these >>> primitive members instead of just writing the primitives >>> directly? >> >> That code goes all the way back to at least Tomcat 3.1.x (20+ >> years ago). >> >>> It turns out that the byte stream is identical whether one >>> uses objects or primitives, >> >> That surprises me. Looking at the JRE source code it really >> surprises me. So much that I am going to go and try it for >> myself. > > My testing shows the opposite. There is a significant difference > between writing primitives and writing objects. Hmm. I did a micro-test with just writing a single Long.valueOf() value and a (primitive) long alone to an ObjectOutputStream. I didn't test the StandardSession itself. > Given backwards compatibility requirements we can't change this in > 9.0.x and earlier. Agreed. >> One reason we might want to stick with writing objects is to >> support sessionAttributeValueClassNameFilter. I'm only going from >> reading the source so I could easily have missed something but it >> looks like that will only work if we write/read objects. > > We only care about this for session attributes. We know our > internal attributes are safe so we could switch to primitives in > 10.0.x. I'll have to play-around a bit to see what was wrong with my initial tes t. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl69guMACgkQHPApP6U8 pFg40BAAowAyGeHKQAWyj4OjZVwuZJnZpNaBsK0Rthw2rmCPFVVzBb37IDV7svxk HjmYyvKSM3NxRke/ftSysfg7hnGAaK0gFuyk8XSqUp5ZXkJUzHoS/44Ite1Fsqux 8iwc+djveuybUEacxz9PGLH9+vmXVI9EhvYUHKXyWS5w5KKXBVghPcrnL9gjBbTs F7a92V6xiRUdnhDBpixOEBnwihfAisd1CS9XQjIAhVB2T0mkSsinZBFqzy5HZX4a ohMhX1aAFKyHEV9rHeNlV9mTzj1Wg+rgXEVW4hWnGzmt+iS3KdLxdRZRw+6v78O6 M4cYPclPYek//toB7mf+FFyrPtyfVMjG9lvqP3serXQ8Ujh7HvUNQX91/kgpC9mQ xWJQqpsR7CwkmleU/XFFcyz9Dp+N/SlZSomPneeLRj4+Epx+AX8WgXVZMZdJNXVf MN5IIix7K9ff+drbCgwFsC2Yf1M76Mf6VQSXKdNmxZ5AfXJy9Kzk8z2rukj63wMA wHs3CEjHjN7PevbgUbvQnA6Ze92ZRlzQqhrZl400/lriYzGeePQmqeVg5/mlAWLW 2YJQRsmaA8Q7QI63vZXkBYGBA1/lh6NDFF3mVqHCxAy3nUfSx3VNgwVZSk3aItqw eDgNxRJkhR43MLj1GDQTAVjHF+XrMw87xDp58cI0pxhgavGzlsI= =2xPi -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org