Implications of saving session on the client with javax.faces.STATE_SAVING_METHOD


Question

My first JSF page was throwing javax.faces.application.ViewExpiredException. While I searched, I got this solution, which solved my problem.

<context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
</context-param>

But I am worried about the security implications.

Recommended answer

This doesn't save the "session" in client side at all.

This only saves the JSF view state in client side. This is in JSF 2.2 always AES-encrypted with a key which is generated on application startup. This however invalidates once you restart the application, hereby causing all existing view states to become invalid. You can specify a fixed key as below in web.xml so that all existing view states keep valid across server restarts:

<env-entry>
    <env-entry-name>jsf/ClientSideSecretKey</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value>[AES key in Base64 format]</env-entry-value>
</env-entry>

You can use this page to generate a random AES key in Base64 format.

  • javax.faces.application.ViewExpiredException: View could not be restored
  • com.sun.faces.ClientStateSavingPassword - recommendations for actual password?
  • How do servlets work? Instantiation, sessions, shared variables and multithreading (read this to learn what "session" actually is)
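
An added example, not part of the original answer: the key for jsf/ClientSideSecretKey can be generated locally with the JDK instead of on a web page, and a candidate value can be checked to decode to a valid AES key length before it goes into web.xml. The class name, method names and the 128-bit default are assumptions of this example; the page does not state a key size.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

/** Hypothetical helper: generates and checks a Base64 AES key for jsf/ClientSideSecretKey. */
public class ClientSideSecretKeyTool {

    /** Generates a random AES key of the given size (128, 192 or 256 bits) as Base64. */
    static String generate(int bits) throws NoSuchAlgorithmException {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(bits); // key bytes come from the JDK's default SecureRandom
        SecretKey key = generator.generateKey();
        return Base64.getEncoder().encodeToString(key.getEncoded());
    }

    /** Returns the key length in bits, or throws if the value is not a usable AES key. */
    static int check(String base64) {
        // decode() throws IllegalArgumentException on malformed Base64
        byte[] raw = Base64.getDecoder().decode(base64.trim());
        if (raw.length != 16 && raw.length != 24 && raw.length != 32) {
            throw new IllegalArgumentException(
                "AES key must be 16, 24 or 32 bytes, got " + raw.length);
        }
        return raw.length * 8;
    }

    public static void main(String[] args) throws Exception {
        // java ClientSideSecretKeyTool [bits]         -> generate a new key
        // java ClientSideSecretKeyTool check <base64> -> validate an existing value
        if (args.length == 2 && args[0].equals("check")) {
            System.out.println("valid AES-" + check(args[1]) + " key");
            return;
        }
        // 128 bits is this example's default (an assumption, not from the page)
        int bits = args.length == 1 ? Integer.parseInt(args[0]) : 128;
        String encoded = generate(bits);
        check(encoded); // round-trip sanity check before printing

        // Print the entry in the same shape as the answer's web.xml snippet
        System.out.println("<env-entry>");
        System.out.println("    <env-entry-name>jsf/ClientSideSecretKey</env-entry-name>");
        System.out.println("    <env-entry-type>java.lang.String</env-entry-type>");
        System.out.println("    <env-entry-value>" + encoded + "</env-entry-value>");
        System.out.println("</env-entry>");
    }
}
```

The printed value is secret key material: it protects the client-side view state, so it belongs in deployment configuration with restricted access rather than in a shared source repository.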
