使对象实现 java.io.Serializable,使字段变为瞬态的,或不将对象存储到 HttpSession 中。
public void doGet(HttpServletRequest req, HttpServletResponse resp)
{
HttpSession session = req.getSession(true);
session.setAttribute(ATTRIB_NAME, new SerializableData());
// ...
}
public class NonSerializableData implements java.io.Serializable {
static final long serialVersionUID = -817083988410801866L;
// ...
}
private static final
String ATTRIB_NAME = "badExample";
|
|