Ralph and the HttpClient folks out there Initially I thought that HttpState class should have been made serializeable per default. Later I realized that there was a catch, however. The HttpState class besides cookies also contains credentials for target servers and proxy servers. From the security standpoint, it would not be desirable to store such sensitive information in clear text or to give the user a wrong impression that the security aspects of password persistence have been taken care of. So, we basically end up with two options: 1) making HttpState serializeable but marking credentials sets as transient 2) leave the choice of the persistence mechanism up to the user (as it is today)
If we reach a consensus that the first option makes more sense, I will file a bug report and target it for 2.1 release Cheers Oleg -----Original Message----- From: Ralph Goers [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 01:01 To: [EMAIL PROTECTED] Subject: HttpState not serializable I am trying to save the HttpState object in the session and am getting a message from Weblogic Server saying the attribute is not serializable and will be lost upon redeployment. How can I address this? Ralph --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
