Has anyone used concurrent windows with server-side state? Best Regards Hassnain
On Nov 12, 2007 3:40 PM, Simon Kitching <[EMAIL PROTECTED]> wrote: > ---- Hasnain Badami <[EMAIL PROTECTED]> schrieb: > > Hi > > > > I am trying to upgrade my application from JSF 1.1.1 to JSF 1.2, using > > myfaces 1.2. I am using multiple tabs in the same browser (same http > > session) and am using client side state saving. Now when I am trying to > > upgrade I want to know if its possible to use the server side state > saving > > in the same scenario using JSF 1.2 and how should I do it. > > > As far as I know, the state-saving functionality is identical in MyFaces > 1.1 and MyFaces 1.2, ie there is nothing you can do with 1.2 that cannot > be done in 1.1. > > > > > This is necessary for me because I dont want too much data to be flowing > > between the client and the server. > > As I'm sure you're aware, this is always a tradeoff. Client-side can be > bad on a slow network. But it scales to more clients than server-side state > does, because the server doesn't need ram to keep the client state in. > > Things are more interesting with multiple windows and server-side state > though. I don't *think* this is supported for either MyFaces 1.1 or 1.2, > though I could be wrong. > > Myfaces 1.1 definitely caches N old views in the user session, so that > "back" buttons work (where N defaults to around 4). But AFAIK, this is an > LRU cache, meaning that after 4 new pages the oldest cached tree is > discarded. So if in tab 1 the user clicks through 4 pages, then tab 2's tree > state has been lost and an error will occur when the user tries to use it. > What would be necessary is to somehow tell the windows apart, and keep at > least one JSF tree for each one but that seems tricky; I've never seen any > code in MyFaces that does that. > > Anyone out there using concurrent windows with server-side state? > > > Secondly I think (I am not sure) client > > side saving might encourage hostile user attacks. > > MyFaces 1.1 and 1.2 both have a feature to encrypt the client-side-state > information. This is sufficient to prevent any hostile attacks. As far as I > know this functionality is identical in MyFaces 1.1 and MyFaces 1.2. > > This is turned on with a context param in the web.xml file. There is > documentation on this in the myfaces wiki. > > > Regards, > > Simon >
