Reports objects not implementing java.io.Serializable used as arguments to javax.servlet.http.HttpSession.setAttribute() or javax.servlet.http.HttpSession.putValue().

Such objects will not be serialized if the 'HttpSession' is passivated or migrated, and may result in difficult-to-diagnose bugs.

This inspection assumes objects of the types java.util.Collection and java.util.Map to be Serializable, unless type parameters are non-Serializable.

Example:


  void foo(HttpSession session) {
      session.setAttribute("foo", new NonSerializable());
  }
  static class NonSerializable {}