问题
I tested new Flash scope in JSF2 but I found a major issue with it or I am lacking some knowledge.
Having a page:
<h:body>
Value in flash: #{flash.text}
<h:form>
<h:inputText value="#{flash.text}" />
<h:commandButton value="Test" /> <!-- Same behavior with faces redirect -->
</h:form>
</h:body>
I have a scenario:
- Put a value 'foo' and click Test
- I get 'Value in flash: foo'
- I open new page with the same adress
- I get 'Value in flash:'
- I open another new page with the same adress
- I get 'Value in flash: foo' <- IMHO this is wrong!
Reproducibility: 100% Tested on Glassfish 3.1 and JBoss AS 7
Different problem with probably same reason: Removing JSF messages from the flash
So:
- Is it desired behavior of JSF2 flash?
- Based on this and other noticed problems with flash, shoud the reference flash implementation be considered harmful?
回答1:
I think for now the implementation of The Flash should be considered harmful indeed. In the application I'm working on day to day I had a very good use case for it, but unfortunately The Flash just appeared to be unusable.
The main problem is that the cookie which is used to transfer a pointer to the state isn't cleared, see Flash scoped message lives longer than next request.
There also seems to be a security problem with the flash scope, see Flash scope cookie enables data exploits.
If any of this bothers you, please vote for the linked issues ;)
来源:https://stackoverflow.com/questions/6705669/after-post-is-setting-a-value-in-jsf2-flash-scope-it-is-visible-again-on-second