Philipp Meier had a good question on the list:
"Just to be curious, is this a Tomcat bug or is it necessary or advisable that
everything put in a HttpSession implements Serializable. I had a quick
look in the Servlet spec but I is still unclear to me."
I'm unsure. My initial thoughts were that it was a Tomcat bug. However, there has been a report of the same problem on WebLogic. Doesn't mean it's not a bug in both but may be one we need to work around. Are there drawbacks to having DefaultComponentManager implement Serializable?