[ https://issues.apache.org/jira/browse/MYFACES-4033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15159731#comment-15159731 ]
Thomas Andraschko commented on MYFACES-4033: -------------------------------------------- Detecting a forward is easy -> if (request.getAttribute("javax.servlet.forward.request_uri") != null) { // forward } I'm just not sure if there is a case when restoring the view after a forward could be valid. What about url rewrites? do they use forwards internally? Maybe a valid check is to check the request Url, too (which is j_security_check). > Weird behavior with form authencation / forward / restore view > -------------------------------------------------------------- > > Key: MYFACES-4033 > URL: https://issues.apache.org/jira/browse/MYFACES-4033 > Project: MyFaces Core > Issue Type: Bug > Reporter: Thomas Andraschko > Assignee: Leonardo Uribe > > Following case: > 1) visit login.xhtml > with > <h:form onclick="this.action='j_security_check';"> > <p:inputText id="j_username" /> > <p:password id="j_password" /> > <p:commandButton id="submit" value="Login" ajax="false"/> > </h:form> > 2) submit (non-ajax post) with invalid user > 3) tomcat forwards to the loginError.xhtml > 4) MyFaces tries to restore the view with the ViewState from login.xhtml > 5) ViewExpired occurs > IMO MyFaces should not restore the view after a forward -> > if (post && forward) { > -> new view > } > else { > -> restore > } > It also works fine in Mojarra. > [~lu4242] How would you fix it? -- This message was sent by Atlassian JIRA (v6.3.4#6332)