Last update: February 19, 2023 J2EE Bad Practices: Non-serializable Object Stored in Session The product stores a non-serializable object as an HttpSession attribute, which can hurt reliability.