Looking at javax.servlet.http.HttpSession there's following statement:
When container migrates a session between VMs in a distributed container setting, all session attributes implementing the HttpSessionActivationListener interface are notified.
So I would say there should be the check for javax.servlet.http.HttpSessionActivationListener#sessionWillPassivate at first in the case of serialization. We can probably raise Servlet spec clarification issue. Anyway looking at "11.2.1 Event Types and Listener Interfaces" in the servlet spec I think adding invalidate call is legal solution.
|