在JSF2 Flash范围内设置发布值之后,在对页面的第二个GET请求中再次可见该页面(Flash范围被认为是有害的) [英] After post is setting a value in JSF2 flash scope, it is visible again on second GET request to a page (Flash scope considered harmful)
问题描述
我在JSF2中测试了新的Flash作用域,但是发现它有一个主要问题,或者我缺乏一些知识.
I tested new Flash scope in JSF2 but I found a major issue with it or I am lacking some knowledge.
有一个页面:
<h:body>
Value in flash: #{flash.text}
<h:form>
<h:inputText value="#{flash.text}" />
<h:commandButton value="Test" /> <!-- Same behavior with faces redirect -->
</h:form>
</h:body>
我有一个场景:
- 输入值"foo",然后单击测试"
- 我得到闪存中的值:foo"
- 我以相同的地址打开新页面
- 我得到闪存中的价值:"
- 我用相同的地址打开另一个新页面
- 我得到闪存中的值: foo "<-恕我直言,这是错误的!
- Put a value 'foo' and click Test
- I get 'Value in flash: foo'
- I open new page with the same adress
- I get 'Value in flash:'
- I open another new page with the same adress
- I get 'Value in flash: foo' <- IMHO this is wrong!
可重复性:100% 在Glassfish 3.1和JBoss AS 7上进行了测试
Reproducibility: 100% Tested on Glassfish 3.1 and JBoss AS 7
具有相同原因的不同问题:从闪存中删除JSF消息
Different problem with probably same reason: Removing JSF messages from the flash
所以:
- JSF2 flash是否具有所需的行为?
- 基于Flash的这一问题以及其他值得注意的问题,应该将参考Flash实施视为有害吗?
推荐答案
我认为,目前应该确实将Flash的实现视为有害.在我每天工作的应用程序中,我有一个非常好的用例,但不幸的是,Flash似乎无法使用.
I think for now the implementation of The Flash should be considered harmful indeed. In the application I'm working on day to day I had a very good use case for it, but unfortunately The Flash just appeared to be unusable.
主要问题是,用于清除指向状态的指针的cookie未被清除,请参见
The main problem is that the cookie which is used to transfer a pointer to the state isn't cleared, see Flash scoped message lives longer than next request.
Flash作用域似乎也存在安全问题,请参见 Flash作用域cookie启用了数据利用.
There also seems to be a security problem with the flash scope, see Flash scope cookie enables data exploits.
如果有任何一个困扰您,请对链接的问题进行投票;)
这篇关于在JSF2 Flash范围内设置发布值之后,在对页面的第二个GET请求中再次可见该页面(Flash范围被认为是有害的)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
