[ http://issues.apache.org/jira/browse/MYFACES-164?page=all ]

Martin Marinschek updated MYFACES-164:
--------------------------------------

    Description: 
"When I navigate back to a form that has previously been submitted, using the 
browser back button, I need to click the submit button twice in order for the 
form to actually resubmit".
In the mailing list (myfaces-user at 15 Nov 2004), Manfred said "This problem 
does not exist for client-side state saving".
To be sure, it seems to work correctly, but client-side state saving has security 
problems.
Client-side state is non-encrypted data, so users can see the state and tamper 
with it.
It is necessary to hold server-side state like JSF-RI 1.1_01 to use MyFaces for 
secure applications.


  was:
"When I navigate back to a form that has previously been submitted, using the 
browser back button, I need to click the submit button twice in order for the 
form to actually resubmit".
In the mailing list (myfaces-user at 15 Nov 2004), Manfred said "This problem 
does not exist for client-side state saving".
To be sure, it seems to work correctly, but client-side state saving has security 
problems.
Client-side state is non-encrypted data, so users can see the state and tamper 
with it.
It is necessary to hold server-side state like JSF-RI 1.1_01 to use MyFaces for 
secure applications.


       Priority: Critical  (was: Minor)

I believe that fixing this issue is critical for MyFaces compatibility with the 
RI and better server-side state saving support.

I am not using server side state saving myself though, so any help on this is 
very welcome!

> Server-side state should be held
> --------------------------------
>
>          Key: MYFACES-164
>          URL: http://issues.apache.org/jira/browse/MYFACES-164
>      Project: MyFaces
>         Type: Improvement
>     Versions: 1.0.9m9
>  Environment: WindowsXP SP2;J2SE1.4.2_07;Tomcat4.1.31
>     Reporter: yamo
>     Priority: Critical

>
> "When I navigate back to a form that has previously been submitted, using the 
> browser back button, I need to click the submit button twice in order for the 
> form to actually resubmit".
> In the mailing list (myfaces-user at 15 Nov 2004), Manfred said "This problem 
> does not exist for client-side state saving".
> To be sure, it seems to work correctly, but client-side state saving has 
> security problems.
> Client-side state is non-encrypted data, so users can see the state and 
> tamper with it.
> It is necessary to hold server-side state like JSF-RI 1.1_01 to use MyFaces 
> for secure applications.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
