Gary Jackson wrote:
I have an issue when STATE_SAVING_METHOD is set to client. If I undeploy and redeploy the application while the application is being used, I get a "javax.crypto.BadPaddingException: Given final block not properly padded". Presumably this is happening because MyFaces is attempting to recover invalid state from a session that is no longer valid. Is this a common problem? How do people normally get around this?

Yes, I've been having this problem too and have just got to the bottom
of it. It has been mentioned a few times on this list going back to early
2007 but I never saw a solution before.

The problem is a bug in the StateUtils class. Encryption of client-side
state saving is supposed to be off unless you enable it, but is in fact
ON unless you DISABLE it!

The problem is that if you don't specify a secret (because you think
you're not using encryption), MyFaces will generate one and place it
in application context; but this will change when you redeploy, and
the secret used in pages in users' browsers from before the redeploy
will then fail.

I've logged this as a bug in the ASF JIRA (it is issue
MYFACES-1786), but the workaround is either to explicitly
disable encryption, like this:


(note that "false" must be in lower case!) or to set a secret.

          Dr Jonathan Harley   .
                               .   Email: [EMAIL PROTECTED]
           Zac Parkplatz Ltd   .   Office Telephone: 024 7633 1375
    .   Mobile: 079 4116 0423

Reply via email to