[ https://issues.apache.org/jira/browse/MYFACES-4033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15157688#comment-15157688 ]
Thomas Andraschko commented on MYFACES-4033: -------------------------------------------- I think that HtmlResponseStateManager#isPostback should also check the HTTP method and not only the VIEW_STATE_PARAM. WDYT? > Weird behavior with form authencation / forward / restore view > -------------------------------------------------------------- > > Key: MYFACES-4033 > URL: https://issues.apache.org/jira/browse/MYFACES-4033 > Project: MyFaces Core > Issue Type: Bug > Reporter: Thomas Andraschko > Assignee: Leonardo Uribe > > Following case: > 1) visit login.xhtml > with > <h:form onclick="this.action='j_security_check';"> > <p:inputText id="j_username" /> > <p:password id="j_password" /> > <p:commandButton id="submit" value="Login" ajax="false"/> > </h:form> > 2) submit (non-ajax post) with invalid user > 3) tomcat forwards to the loginError.xhtml > 4) MyFaces tries to restore the view with the ViewState from login.xhtml > 5) ViewExpired occurs > IMO MyFaces should not restore the view after a forward -> > if (post && forward) { > -> new view > } > else { > -> restore > } > It also works fine in Mojarra. > [~lu4242] How would you fix it? -- This message was sent by Atlassian JIRA (v6.3.4#6332)