Implications of saving session on the client with javax.faces.STATE_SAVING_METHOD

Question

My first JSF page was throwing javax.faces.application.ViewExpiredException. while I searched I got this solution which solved my problem.

<         


        

Answer 1

This doesn't save the "session" in client side at all.

This only saves the JSF view state in client side. This is in JSF 2.2 always AES-encrypted with a key which is generated on application startup. This however invalidates once you restart the application, hereby causing all existing view states to become invalid. You can specify a fixed key as below in web.xml so that all existing view states keep valid across server restarts:

    jsf/ClientSideSecretKey
    java.lang.String
    [AES key in Base64 format]

You can use this page to generate a random AES key in Base64 format.

See also:

• javax.faces.application.ViewExpiredException: View could not be restored
• com.sun.faces.ClientStateSavingPassword - recommendations for actual password?
• How do servlets work? Instantiation, sessions, shared variables and multithreading (read this to learn what "session" actually is)