CRV2 RevCodeStoredAntiPatternJava

=Bad Session Stores=

As described in the research paper written by V.Benjamin Livshits(2005), Bad session stores occurs when objects stored in attributes of javax.servlet.http.HttpSession are not subclasses of java.io.Serializable.

As further described by Livshits, it causes issues because HttpSessions objects could be written out to disk especially when all objects stored are handled as attributes that must be serialized, if not done properly this will cause exceptions or data corruption.

What to look for in the code

 * Parameters of HttpSession.set Attribute
 * Control if javax.servlet.httpSession is a subclass of java.io.Serializable