I read one statement regarding session migration that said, "Make sure your session attribute class types are Serializable and you never have to worry about it". Then I read another statement that said, "The Container is not required to use Serialization so there's no guarantee that readObject() and writeObject() methods will be called on a Serializable attribute."
These two statements left me confused: should I rely on session attributes that implement the Serializable interface, or resort to the HttpSessionActivationListener interface and use the activation/passivation callbacks?
The Container must migrate any session attributes which are serializable, but it does not have to use serialization to accomplish this.
So if your attributes are all serializable, you don't have a problem, but if there are some custom bits that would normally be serialized by writeObject() and readObject(), then you will need to work around this, as you say, with the HttpSessionActivationListener.
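The workaround described in the answer above, as an added example that is not part of the original thread: a Serializable attribute whose non-serializable part is rebuilt in the activation callback instead of in readObject(). The class name `TokenSigner`, its fields and the choice of an HMAC object as the "custom bit" are assumptions for illustration; the imports assume the `javax.servlet` API (Jakarta EE 9+ uses `jakarta.servlet`).

```java
import java.io.Serializable;
import java.security.GeneralSecurityException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionEvent;

// Hypothetical session attribute (class and field names are illustrative).
public class TokenSigner implements Serializable, HttpSessionActivationListener {
    private static final long serialVersionUID = 1L;

    // Serializable state: the container must migrate this, by whatever means it chooses.
    private final byte[] key;

    // Non-serializable "custom bit" that readObject() would normally rebuild.
    private transient Mac mac;

    public TokenSigner(byte[] key) {
        this.key = key.clone();
        this.mac = newMac();
    }

    public synchronized byte[] sign(byte[] data) {
        if (mac == null) {
            mac = newMac(); // covers a container that copied the fields without any callback
        }
        return mac.doFinal(data);
    }

    // Invoked just before the session is passivated or moved to another VM:
    // drop what cannot travel, so nothing depends on writeObject() being called.
    @Override
    public synchronized void sessionWillPassivate(HttpSessionEvent se) {
        mac = null;
    }

    // Invoked after the session has been activated; takes the place of readObject().
    @Override
    public synchronized void sessionDidActivate(HttpSessionEvent se) {
        mac = newMac();
    }

    private Mac newMac() {
        try {
            Mac m = Mac.getInstance("HmacSHA256");
            m.init(new SecretKeySpec(key, "HmacSHA256"));
            return m;
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("HmacSHA256 unavailable", e);
        }
    }
}
```

The container calls these callbacks on attributes bound to the session that implement the listener, so no separate listener registration in the deployment descriptor is needed for this pattern.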