You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by "Thomas Andraschko (JIRA)" <de...@myfaces.apache.org> on 2016/02/22 22:00:19 UTC

[jira] [Commented] (MYFACES-4033) Weird behavior with form authencation / forward / restore view

    [ https://issues.apache.org/jira/browse/MYFACES-4033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15157688#comment-15157688 ] 

Thomas Andraschko commented on MYFACES-4033:
--------------------------------------------

I think that
HtmlResponseStateManager#isPostback should also check the HTTP method and not only the VIEW_STATE_PARAM.
WDYT?

> Weird behavior with form authencation / forward / restore view
> --------------------------------------------------------------
>
>                 Key: MYFACES-4033
>                 URL: https://issues.apache.org/jira/browse/MYFACES-4033
>             Project: MyFaces Core
>          Issue Type: Bug
>            Reporter: Thomas Andraschko
>            Assignee: Leonardo Uribe
>
> Following case:
> 1) visit login.xhtml
>     with 
>     <h:form onclick="this.action='j_security_check';">
>          <p:inputText id="j_username" />
>          <p:password id="j_password" />
>          <p:commandButton id="submit" value="Login" ajax="false"/>
>     </h:form>
> 2) submit (non-ajax post) with invalid user
> 3) tomcat forwards to the loginError.xhtml
> 4) MyFaces tries to restore the view with the ViewState from login.xhtml
> 5) ViewExpired occurs
> IMO MyFaces should not restore the view after a forward ->
> if (post && forward) {
>    -> new view
> }
> else {
>    -> restore
> }
> It also works fine in Mojarra.
> [~lu4242] How would you fix it?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)