Andrew S Tomlinson wrote:
> It is my understanding that you can only save objects in the session if they
> are serializable.
> App servers may flush session data out to disk. Moreover, according to a BEA
> rep at a recent seminar that is how Weblogic supports session continuity
> across multiple servers in a fault-tolerant cluster - all the servers access
> a common repository of session data (I am still a bit dubious about the
> reliability of this but this is how they explained it).
>
The 2.1 servlet spec was silent on this topic, so different servers implemented
things differently. Those servers that supported session persistence or
distribution, like BEA/WebLogic, naturally insisted on Serializable objects being
stored in the session if you wanted them to be persisted or migrated.
In the 2.2 spec, you are required to store only Serializable objects if you mark
your application as "distributable" in the deployment descriptor -- otherwise, you
are free to store non-Serializable objects as well.
>
> Anyway, if your object isn't serializable you can't put it in the session
> and I do not think the JDBC connection or resultset are serializable (and if
> they are is there not some security issue here?)
Implementations of Connection and ResultSet are not Serializable in most JDBC
driver implementations, although it is conceptually possible to design
implementations that are. One of the practical difficulties is that, deep inside
the Connection implementation, there is a socket connection (provided by the
underlying operating system) to the database itself. Most operating systems have
no facility for transferring an open socket from one process (i.e. JVM in this
case) to another, even on the same server -- let alone on a different server in a
load balanced cluster.
>
> Anyway - would love to hear what the group knows about this...
>
Craig McClanahan
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
