I don't personally touch the session, but the Spring Security Framework
seems to put my implementation of the UserDetailsService object on the
session (used to populate user details for authentication information to the
security framework).
Do you suggest that I extend the Spring Security
What are you serializing? In general, it's a best practice to store as
little into the session as possible and retrieve state data from memcache or
the datastore.
--
Ikai Lan
Developer Programs Engineer, Google App Engine
Blogger: http://googleappengine.blogspot.com
Reddit:
My first real issue in GAE was that the session is serialized and
stored to the datastore on the GAE servers. This is all well and good,
but it doesn't happen on the local dev instance as far as I can see.
Thus I ran into a situation where I got runtime exceptions (due to a
session class not