
org.sonar.l10n.java.rules.squid.S2441.html


If you have no intention of writing an HttpSession object to file, then storing non-serializable objects in it may not seem like a big deal. But whether or not you explicitly serialize the session, it may be written to disk anyway, as the server manages its memory use in a process called "passivation". Further, some servers automatically write their active sessions out to file at shutdown and deserialize any such sessions at startup.

The point is that even though HttpSession does not extend Serializable, you must nonetheless assume that it will be serialized, and understand that if you've stored non-serializable objects in the session, errors will result.

Noncompliant Code Example

public class Address {
  //...
}

//...
HttpSession session = request.getSession();
session.setAttribute("address", new Address());  // Noncompliant; Address isn't serializable
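
The failure described above can be reproduced without a servlet container. This is an added example, not code from the rule description or from SonarQube: a plain Map stands in for the session's attribute store, passivate() imitates a container writing the session out with Java serialization, and SerializableAddress, passivate and nonSerializable are hypothetical names.

```java
import java.io.*;
import java.util.*;

public class SessionPassivationDemo {
    // Noncompliant: same shape as the Address class in the rule text.
    static class Address { String city = "Geneva"; }

    // Compliant variant (hypothetical name): implements Serializable.
    static class SerializableAddress implements Serializable {
        private static final long serialVersionUID = 1L;
        String city = "Geneva";
    }

    // Stand-in for what a container does at passivation or shutdown:
    // write every session attribute through Java serialization.
    static byte[] passivate(Map<String, Object> attributes) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new HashMap<>(attributes));
        }
        return buf.toByteArray();
    }

    // Pre-flight check: names of attributes that would break passivation,
    // each with the exception that serialization raised for it.
    static List<String> nonSerializable(Map<String, Object> attributes) {
        List<String> bad = new ArrayList<>();
        for (Map.Entry<String, Object> e : attributes.entrySet()) {
            try { passivate(Collections.singletonMap(e.getKey(), e.getValue())); }
            catch (IOException ex) { bad.add(e.getKey() + " -> " + ex); }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new LinkedHashMap<>(); // constructed sample data
        session.put("user", "alice");
        session.put("address", new Address());               // the noncompliant case
        System.out.println("Would fail: " + nonSerializable(session));

        session.put("address", new SerializableAddress());   // the corrected case
        System.out.println("Would fail: " + nonSerializable(session));
        System.out.println("Passivated bytes: " + passivate(session).length);
    }
}
```

A check like nonSerializable() can run in an integration test over the attributes an application stores, so the NotSerializableException surfaces at build time instead of at server shutdown or under memory pressure.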



