Return-Path: X-Original-To: apmail-myfaces-users-archive@www.apache.org Delivered-To: apmail-myfaces-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E6539107C9 for ; Wed, 19 Jun 2013 16:48:00 +0000 (UTC) Received: (qmail 48977 invoked by uid 500); 19 Jun 2013 16:47:59 -0000 Delivered-To: apmail-myfaces-users-archive@myfaces.apache.org Received: (qmail 48951 invoked by uid 500); 19 Jun 2013 16:47:59 -0000 Mailing-List: contact users-help@myfaces.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "MyFaces Discussion" Delivered-To: mailing list users@myfaces.apache.org Received: (qmail 48941 invoked by uid 99); 19 Jun 2013 16:47:58 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Jun 2013 16:47:58 +0000 X-ASF-Spam-Status: No, hits=1.7 required=5.0 tests=FREEMAIL_ENVFROM_END_DIGIT,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of smithh032772@gmail.com designates 209.85.212.170 as permitted sender) Received: from [209.85.212.170] (HELO mail-wi0-f170.google.com) (209.85.212.170) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Jun 2013 16:47:53 +0000 Received: by mail-wi0-f170.google.com with SMTP id ey16so965127wid.1 for ; Wed, 19 Jun 2013 09:47:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=ModwtOuBrudv+j2sSi/TAJQMtodoS2GeRT1Kb/8GgP0=; b=ma6dkLz+p2koOWE0h+WzaHy2xNAfkyNMFTqDixPdKCSoR8Jiu5Afr7oiwHp/zZytCo sHtrNz2T0IDeAnV1n/KTXG3PB3z7eqgJONmaruLycOL0HkP4KytIsTW1K2JtUbRtO4CL lkVK9vZb57g3ZIqb49Brk/QZnUh2rGOZU/9EA/oSpF/xy1czCVDXpImHwIo5XlFaD9QJ osVEkVgUsxcZlqAwrs8f5Ri3kZpyG7hvR1dKhX2cFORUs7Rn4KryEmpTzHs1gp4CR14L qHBHQtolYd9r1H8pRlGx5SaxkWYobdQdOsKjcEVA67vn8yU7XsG9DaK+5TOcU5aqAFsU ctGw== MIME-Version: 1.0 X-Received: by 10.180.211.233 with SMTP id nf9mr11559777wic.55.1371660452777; Wed, 19 Jun 2013 09:47:32 -0700 (PDT) Received: by 10.227.63.66 with HTTP; Wed, 19 Jun 2013 09:47:32 -0700 (PDT) In-Reply-To: <1371658506352-115108.post@n7.nabble.com> References: <512771B0.6040908@senat.fr> <1371658506352-115108.post@n7.nabble.com> Date: Wed, 19 Jun 2013 12:47:32 -0400 Message-ID: Subject: Re: Add 'Stateless JSF' to MyFaces Core? Is it really necessary? From: "Howard W. Smith, Jr." To: MyFaces Discussion Content-Type: multipart/alternative; boundary=001a11c338d00a52e304df84960d X-Virus-Checked: Checked by ClamAV on apache.org --001a11c338d00a52e304df84960d Content-Type: text/plain; charset=ISO-8859-1 On Wed, Jun 19, 2013 at 12:15 PM, nabbling1138 wrote: > > It has everything to do with avoiding your users experiencing a ViewExpired > state exception on a trivial form such as a login. > ViewExpiredExceptions are 'no' longer a concern of mine since I am using OmniFaces restoreView component. Also, for my home-grown/custom security-n-session-management implementation, my login page access @SessionScoped userBean.login, but since I've been hearing others advise to use @RequestScoped more than @SessionScoped (as much as possible), I am considering changing my implementation, so the login page will access @RequestScoped user bean instead of @SessionScoped. I am quite sure that that will allow my login page to sufficiently/theoretically avoid View Expired exception. I plan to try this...when I feel like it, or have bandwidth to do so. :) > It is non-intuitive for users to get errors (however you have handled them) > on simple forms when they went to lunch and came back. > Agreed. Thank God for OmniFaces restoreView component! > > Example: Imagine going to your favorite shopping web site. You get > interrupted and come back in 30 min - you go to run a search and you get > redirected to a friendly but annoying web page or maybe they force you back > to a page but you loose everything you typed. Awful customer experience! > Good point/example. I felt the same way while developing my current security/session-management implementation (over time). My app is definitely no 'shopping web site' and endusers of my app are very understanding of a 15-minute-session-timeout limit for security purposes, and I would 'only' assume shopping web sites would require/utilize @RequestScoped beans anyway. Take for instance Google or MSN.com search engines... Google loves 'history' (and so do I), @RequestScoped bean accepts the input of the enduser, and can update 'search history', accordingly when user 'come back in 30 min' to his search page and press Enter...to begin the search. :) Surely, not rocket science. > > > -- > View this message in context: > http://myfaces.10567.n7.nabble.com/Add-Stateless-JSF-to-MyFaces-Core-Is-it-really-necessary-tp114248p115108.html > Sent from the MyFaces - Users mailing list archive at Nabble.com. > --001a11c338d00a52e304df84960d--