Now that the old discussion has settled, I'd like to relive it a little bit.
If you remember, we discussed that writing out parameters and managed bean states could be done easily with adding an attribute to commandLink (bookmarkable=true), and also add this attribute to saveState (well, there have been other propositions as well, but this is what generally seemed doable). The discussion ran then wild on how we would reapply this state to the component tree or the backing beans. The biggest problem in this was security - we couldn't just reapply the state without knowing if this state was even allowed to be reapplied. There have been two suggestions to solve this problem: 1) configure centrally in your faces-config.xml which state may be reapplied 2) client side encryption the problem with client side encryption is that a) the state on client-side might be quite ugly b) you'll not be able to change the encryption key on the server anymore, if you want your pages to remain bookmarkable together with Thomas, we've discussed about a third solution: 3) create a new component, which takes the values out of the request, and reapplies them either to another component, or the managed bean. It could look much like the aliasBean today. this component would get rid of the necessary configuration (in fact, it might be much nicer to let a component in the page decide on which will be reapplied or not of the request saved state), plus you'd have inherent security: only the state that is explicitly configured will be reapplied. wdyt? regards, Martin P.S.: In case there was such an approach in the original discussion and I overlooked it, please excuse me and tell me so ;) -- http://www.irian.at Your JSF powerhouse - JSF Consulting, Development and Courses in English and German Professional Support for Apache MyFaces
