Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
The moose likes Servlets and the fly likes Session Objects Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session Objects" Watch "Session Objects" New topic

Session Objects

Jeff X Williams

Joined: Sep 28, 2001
Posts: 29
I am designing a JSP/Servlet application and I would like to keep a fairly large amount of information in the session for convenience and performance reasons. My concern is that if I have a high volume of users I could run out of memory because of this. However, since session objects must be declared as Serializable, does this mean that if memory becomes low they will be temporarily copied to disk until needed again? If so, is this part of the specification or is it up to the particular Servlet container implementation? If it depends on the specific implementation, how does Tomcat handles this? Thanks.
Madhav Lakkapragada
Ranch Hand

Joined: Jun 03, 2000
Posts: 5040

Good qstn...need to do a little homework to say anything
on this...
- satya

Take a Minute, Donate an Hour, Change a Life
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
session objects must be declared as Serializable

Is this true? I could not find any such restriction in the Servlet 2.3 Specs.
As far as I could tell, only applications marked <distributable> may require that session attributes are Serializable. And even then, it's only a requirement under certain conditions: Section 7.7.2 of the spec states "The servlet container may throw an IllegalArgumentException if an object is placed into the session that is not Serializable or for which specific support has not been made available. The IllegalArgumentException must be thrown for objects where the container cannot support the mechanism necessary for migration of a session storing them."
Miftah Khan
- Sun Certified Programmer for the Java� 2 Platform
- Sun Certified Web Component Developer for the Java� 2 Platform, Enterprise Edition
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17410

Because sessions are serializable, WebLogic 5.1 was able to recover from server crashes without losing session info (in my experience). But I would NOT assume that a given server would treat sessions a la virtual-memory unless the vendor has expressly guaranteed it. You might consider migrating some of the bulkier data to EJBs - they normally ARE cached objects and entity beans WILL be keep in persistend storage.

An IDE is no substitute for an Intelligent Developer.
Peter den Haan
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
I'm willing to bet that a fair chunk of the information you want to bind to the session is in fact not specific to that session at all, and might be bound in the application scope instead. Of course this means that the code should be absolutely threadsafe.
Also, your sessions might be way too large for a persistence mechanism to work efficiently anyway. Brown et al assert in Enterprise Java Programming with IBM Websphere that "performance studies have shown that the maximum size that an HttpSession can be before it takes too long to marshal and unmarshal into the database is somewhere between 2K and 4K". This is about session persistence for failover, not swapping, and no doubt dependent upon Websphere's implementation. But for other application servers the figure might not be wildly different.
- Peter
I agree. Here's the link:
subject: Session Objects
It's not a secret anymore!