On Sun, Aug 5, 2012 at 5:17 PM, Paul Benedict <[email protected]> wrote:

> Philip,
>
> On Sun, Aug 5, 2012 at 1:42 AM, Philip Luppens <[email protected]> wrote:
> > On Sun, Aug 5, 2012 at 7:34 AM, Paul Benedict <[email protected]> wrote:
> >
> >> I don't think this feature exists but it does in Tapestry (and
> >> probably .NET). It should be possible to serialize the ValueStack on a
> >> redirect, pass it as a 64-bit encoded key, and deserialize it. This
> >> would facilitate greater Redirect-After-Post patterns that require
> >> data points to still be active.
> >>
> >> Thoughts?
> >>
> >
> > I find it an intriguing idea, but wouldn't it imply a serialisation of the
> > entire object graph that is attached to your root object and hence a
> > security risk by exposing certain variables?
>
> Yes, you would have to serialize what's in the ValueStack. This would
> be a given. However, a decent programmer should know what he is about
> to do by enabling this kind of feature -- probably via a new
> interceptor. With regards to security, the contents definitely require
> encryption. Base64 encoding isn't stealth.
>
> > Isn't this something that is already possible with the 'flash' scope? Or
> > does this approach offer certain benefits?
> >
> > Cheers,
> >
> > Phil
>
> Yes, it is a type of flash scope. The only difference is that it's not
> dependent on a user's session.
> https://issues.apache.org/jira/browse/WW-2635

Just a quick remark: wouldn't a specialised object be a better approach for this, rather than the entire ValueStack? It seems to me this can get pretty huge and therefore impact performance/scaling more than the session-based approach. Having a custom object serialised allows for better control, and I doubt you'd need everything kept in the ValueStack on your Redirect-After-Post (I might be wrong about that one, but we've been either storing some minimal info in the flash scope, or adding it as a request parameter, and it seemed to be 'good enough').

My 2 cents,

Phil

> Paul

--
"We cannot change the cards we are dealt, just how we play the hand." - Randy Pausch
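
Added example, not part of the thread and not Struts code: one way to carry a small, explicitly chosen state object across a redirect as an encrypted and tamper-evident token, instead of serializing the whole ValueStack. The class `RedirectStateToken`, the record `RedirectState`, its fields and the sample values are hypothetical; AES-GCM is this example's choice of cipher, not something the thread specifies.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class RedirectStateToken {
    // Hypothetical minimal state carried across the redirect (not the ValueStack).
    record RedirectState(long orderId, String message) {}

    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();

    static String seal(RedirectState s, SecretKey key) throws Exception {
        // Explicit field encoding: only these two fields ever leave the server,
        // and no Java object graph is serialized.
        byte[] plain = (s.orderId() + "\n" + s.message()).getBytes(StandardCharsets.UTF_8);
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // fresh random IV for every token
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain); // ciphertext followed by the auth tag
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        // Base64 only makes the bytes URL-safe; confidentiality comes from AES-GCM.
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    static RedirectState open(String token, SecretKey key) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(token);
        if (in.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("token too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        // doFinal throws AEADBadTagException if the token was modified in transit.
        byte[] plain = c.doFinal(in, IV_LEN, in.length - IV_LEN);
        String[] parts = new String(plain, StandardCharsets.UTF_8).split("\n", 2);
        if (parts.length != 2) throw new IllegalArgumentException("malformed state");
        return new RedirectState(Long.parseLong(parts[0]), parts[1]);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // demo key; assumed to be a server-side secret in practice
        String token = seal(new RedirectState(42L, "Order saved"), key); // constructed sample values
        System.out.println(token);
        System.out.println(open(token, key));
    }
}
```

The token stays valid for as long as the key does, so a timestamp field inside the sealed state is the usual way to bound its lifetime.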
