I don't personally touch the session, but the Spring Security Framework
seems to put my implementation of the UserDetailsService object on the
session (used to populate user details for authentication information to the
security framework).
Do you suggest that I extend the Spring Security
What are you serializing? In general, it's a best practice to store as
little into the session as possible and retrieve state data from memcache or
the datastore.
--
Ikai Lan
Developer Programs Engineer, Google App Engine
Blogger: http://googleappengine.blogspot.com
Reddit: