Philip, On Sun, Aug 5, 2012 at 1:42 AM, Philip Luppens <[email protected]> wrote: > On Sun, Aug 5, 2012 at 7:34 AM, Paul Benedict <[email protected]> wrote: > >> I don't think this feature exists but it does in Tapestry (and >> probably .NET). It should be possible to serialize the ValueStack on a >> redirect, pass it as a 64-bit encoded key, and deserialize it. This >> would facilitate greater Redirect-After-Post patterns that require >> data points to still be active. >> >> Thoughts? >> > > I find it an intriguing idea, but wouldn't it imply a serialisation of the > entire object graph that is attached to your root object and hence a > security risk by exposing certain variables?
Yes, you would have to serialize what's in the ValueStack. This would be a given. However, a decent programmer should know what he is about to do by enabling this kind of feature -- probably via a new interceptor. With regards to security, the contents definitely require encryption. Base64 encoding isn't stealth. > Isn't this something that is already possible with the 'flash' scope? Or > does this approach offer certain benefits? > > Cheers, > > Phil Yes, it is a type of flash scope. The only difference is that it's not dependent on a user's session. https://issues.apache.org/jira/browse/WW-2635 Paul --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
