• Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.2
    • Fix Version/s: 2.2
    • Component/s: None
    • Labels:


      Currently any state information stored on the server side (either with ServerSideStateHandling or tokens to prevent XSSF and replay attacks) are all stored on a per-session basis.

      Since multi-browser-tab editing becomes increasingly popular, we should provide a way to plugin a windowId mechanism.

      If the user currently opens an additional browser tab and clicks around in his application for a bit (I think in Mojarra and MyFaces the default is to store the 20 last views per session), and then goes back to the first browser tab, he will get a ViewExpiredException.

      Since doing the windowId handling inside the spec is pretty complicated (there is not yet a perfect solution without any downsides, see JAVASERVERFACES_SPEC_PUBLIC-949), we could leave this to the application and just use some provided windowId to keep the last n states for each browser tab.

      We would then have a MAX_VIEWS_PER_TAB and MAX_TABS_PER_SESSION limit.
      This is needed regardless if JAVASERVERFACES_SPEC_PUBLIC-949 is finally solved or not.

        Issue Links



            • Assignee:
              Ed Burns
              Mark Struberg
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: