[ https://issues.apache.org/jira/browse/MYFACES-4033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15159725#comment-15159725 ]
Leonardo Uribe commented on MYFACES-4033: ----------------------------------------- MyFaces uses some identifiers to detect when a view state is valid or not, to avoid use one view state in other different view. If the fix cannot be done from outside, maybe we could introduce a web config parameter by default disabled to check that condition. I agree this is weird (I have experienced this behavior on the past). The problem is how to detect the "forward". > Weird behavior with form authencation / forward / restore view > -------------------------------------------------------------- > > Key: MYFACES-4033 > URL: https://issues.apache.org/jira/browse/MYFACES-4033 > Project: MyFaces Core > Issue Type: Bug > Reporter: Thomas Andraschko > Assignee: Leonardo Uribe > > Following case: > 1) visit login.xhtml > with > <h:form onclick="this.action='j_security_check';"> > <p:inputText id="j_username" /> > <p:password id="j_password" /> > <p:commandButton id="submit" value="Login" ajax="false"/> > </h:form> > 2) submit (non-ajax post) with invalid user > 3) tomcat forwards to the loginError.xhtml > 4) MyFaces tries to restore the view with the ViewState from login.xhtml > 5) ViewExpired occurs > IMO MyFaces should not restore the view after a forward -> > if (post && forward) { > -> new view > } > else { > -> restore > } > It also works fine in Mojarra. > [~lu4242] How would you fix it? -- This message was sent by Atlassian JIRA (v6.3.4#6332)