If I have a complex object with hundreds of String fields and objects of objects. Some are implementing Serializable and some aren't.
How would a j2ee server serialize that data in session. Would I expect all data to be returned. Even the objects of objects.
Session.setAttribute(data)
E.g. Session.getAttribute() == data.getData().getData().getData().getData1()
Will the object returned from getData1() return correctly?
(I am using both Tomcat 6 and Websphere 6+)
The servlet spec requires objects that are stored in sessions to be fully serializable, and if you violate the spec it would be perfectly correct behaviour for the container to crash with a NotSerializableException and dismiss the entire session as invalid.
Fortunately, most web containers are more forgiving and will instead keep the session in memory and merely write a warning into the log file. Of course, this can cause problems if you have a lot of sessions containing a lot of data.
Serialization saves the entire object graph*. When your complex object goes in the session the whole thing gets stored. If you want to use clustering then all the objects that are part of your complex object must be Serializable, because at that point your object is getting written to a store that can be accessed by other nodes in the cluster.
EDIT: should've added that being static and transient fields don't get serialized, of course. I try not to include static mutable fields in stuff that needs to be serialized.