java.io.Serializable
used as arguments to
javax.servlet.http.HttpSession.setAttribute()
or
javax.servlet.http.HttpSession.putValue()
.
Such objects will not be serialized if the 'HttpSession' is passivated or migrated, and may result in difficult-to-diagnose bugs.
This inspection assumes objects of the types java.util.Collection
and
java.util.Map
to be Serializable
,
unless type parameters are non-Serializable
.
Example:
void foo(HttpSession session) {
session.setAttribute("foo", new NonSerializable());
}
static class NonSerializable {}