Thanks for the directions, Les. You're right, the ShiroHttpSession is not the problem, since SimpleSession is the actual object type for keeping all the session data stored. And both classes have no relationship to each other. Firstly I thought SimpleSession was a Shiro class, implementing ShiroHttpSession, or similar. That was wrong.
I think I found the reason now. The project is using Struts 1.3.10 with an early version of RolloverScope (http://wiki.apache.org/struts/RolloverScope). This keeps the scope infos in the session, including a reference to the request, which is of the type org.apache.shiro.web.servlet.ShiroHttpServletRequest. Now I'm, looking for the best way to get around this trouble. Either preventing the request object beeing kept in the session (which might have critical side effects), or to make the ShiroHttpServletRequest serializable for this purpose. -- View this message in context: http://shiro-user.582556.n2.nabble.com/NotSerializableException-for-ShiroHttpServletRequest-tp7578607p7578631.html Sent from the Shiro User mailing list archive at Nabble.com.
