Hi Daniel! > As Simon said, it's basically server-side state saving with a single > client-side token. But normal server-side state saving already has a token > (the SESSION ID!!) that maps to the HttpSession anyway... so what's the > difference?? > The thing is to not only find the correct session, but also the correct request. It's required to support the browser-back button where, due to the page flow, the system awaits to find a JSF state for the page. If you do not maintain a request id you'll always could have the last JSF state (for the last page), any browser-back will fail.
MyFaces will store a configureable number of JSF states, say for the last 20 requests. After then, the browser-back issue is back. Ciao, Mario