is the HTTPSession objects stored in the main memory?
Servlet containers have the option of serializing a session and storing it anywhere they want. Thats why ALL objects having a reference saved in a session should implement Serializable to avoid mysterious failures. Thats also why
you should not save references to objects managed by other processes, such as DB connection pools, in sessions.
Bill