java.io.Serializable used as arguments to
javax.servlet.http.HttpSession.setAttribute() or
javax.servlet.http.HttpSession.putValue().
Such objects will not be serialized if the HttpSession is passivated or migrated,
and may result in difficult-to-diagnose bugs.
This inspection assumes objects of the types java.util.Collection and
java.util.Map to be Serializable,
unless type parameters are non-Serializable.
Example:
void foo(HttpSession session) {
session.setAttribute("foo", new NonSerializable());
}
static class NonSerializable {}