Analysing the server application, I’ve found some points that, in relation to session serialization and deserialization, could be dangerous. The servlet layer in many places uses the session to store objects.
Consider the sequence:
1) Object A is saved to the session
2) Object A is modified
3) Object A is read from the session as object B
Is it possible that, before 1) and 2), serialization occurs, and the object read as B is the deserialized version of object A before the changes from 3?
Or am I guaranteed that, as long as 1, 2, 3 happen in the same request, A and B will be equal?
Your code shouldn’t depend on objects you put in the session being the same instance; so long as they are semantically equal as implied by the equals method, that should be enough. There are of course various reasons why sessions could be serialized, whether it’s so sessions can survive server restarts or because the server is part of a cluster.
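An added example (not from the question or the answer above) that simulates a container serializing the session between the three steps in the question; `Cart`, `serialize` and `deserialize` are constructed stand-ins for the real session attribute and for the container's persistence or replication, not container code.

```java
import java.io.*;
import java.util.Objects;

public class SessionSnapshotDemo {

    // Constructed stand-in for an object a servlet stores with HttpSession.setAttribute.
    // It must be Serializable for the container to persist or replicate it, and it must
    // define equals, because that is the only comparison that survives a round trip.
    static final class Cart implements Serializable {
        private static final long serialVersionUID = 1L;
        int items;
        Cart(int items) { this.items = items; }
        @Override public boolean equals(Object o) {
            return o instanceof Cart && ((Cart) o).items == items;
        }
        @Override public int hashCode() { return Objects.hash(items); }
    }

    // Stand-ins for the container writing the session out (restart, passivation,
    // cluster replication) and reading it back in on a later request.
    static byte[] serialize(Cart c) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(c);
        }
        return bytes.toByteArray();
    }

    static Cart deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (Cart) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Cart a = new Cart(1);              // 1) A is put in the session
        byte[] snapshot = serialize(a);    // container serializes the session here
        a.items = 2;                       // 2) A is modified in place, attribute not re-set
        Cart b = deserialize(snapshot);    // 3) a later request reads the attribute back
        // B is a new instance built from the pre-change snapshot: it is never the same
        // instance as A, and it still carries items == 1, so equals does not hold either.
        System.out.println("same instance: " + (a == b) + ", equal: " + a.equals(b));

        // Re-storing the attribute after the change (setAttribute again, which is how many
        // clustering containers learn an attribute is dirty) gives the container a current
        // copy; identity still differs, but equals now holds.
        b = deserialize(serialize(a));
        System.out.println("same instance: " + (a == b) + ", equal: " + a.equals(b));
    }
}
```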