Open
Description
At present, all SessionRepository
implementations use Java serialization as the default serialization mechanism.
While convenient as a default, Java serialization has several well known limitations and the ecosystem appears to be getting ready to move away from it - see Towards Better Serialization document by Brian Goetz.
The next major release seems like a good opportunity to reconsider Spring Session's general approach to serialization.