You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by "Thomas Andraschko (JIRA)" <de...@myfaces.apache.org> on 2016/02/22 17:39:18 UTC

[jira] [Created] (MYFACES-4033) Weird behavior with form authencation / forward / restore view

Thomas Andraschko created MYFACES-4033:
------------------------------------------

             Summary: Weird behavior with form authencation / forward / restore view
                 Key: MYFACES-4033
                 URL: https://issues.apache.org/jira/browse/MYFACES-4033
             Project: MyFaces Core
          Issue Type: Bug
            Reporter: Thomas Andraschko
            Assignee: Leonardo Uribe


Following case:

1) visit login.xhtml
    with 
    <h:form onclick="this.action='j_security_check';">
         <p:inputText id="j_username" />
         <p:password id="j_password" />
         <p:commandButton id="submit" value="Login" ajax="false"/>
    </h:form>
2) submit (non-ajax post) with invalid user
3) tomcat forwards to the loginError.xhtml
4) MyFaces tries to restore the view with the ViewState from login.xhtml
5) ViewExpired occurs

IMO MyFaces should not restore the view after a forward ->

if (post && forward) {
   -> new view
}
else {
   -> restore
}

It also works fine in Mojarra.

[~lu4242] How would you fix it?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)