struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Benedict <>
Subject Re: Serializing the ValueStack on a redirect
Date Sun, 05 Aug 2012 15:17:20 GMT

On Sun, Aug 5, 2012 at 1:42 AM, Philip Luppens <> wrote:
> On Sun, Aug 5, 2012 at 7:34 AM, Paul Benedict <> wrote:
>> I don't think this feature exists but it does in Tapestry (and
>> probably .NET). It should be possible to serialize the ValueStack on a
>> redirect, pass it as a 64-bit encoded key, and deserialize it. This
>> would facilitate greater Redirect-After-Post patterns that require
>> data points to still be active.
>> Thoughts?
> I find it an intriguing idea, but wouldn't it imply a serialisation of the
> entire object graph that is attached to your root object and hence a
> security risk by exposing certain variables?

Yes, you would have to serialize what's in the ValueStack. This would
be a given. However, a decent programmer should know what he is about
to do by enabling this kind of feature -- probably via a new
interceptor. With regards to security, the contents definitely require
encryption. Base64 encoding isn't stealth.

> Isn't this something that is already possible with the 'flash' scope? Or
> does this approach offer certain benefits?
> Cheers,
> Phil

Yes, it is a type of flash scope. The only difference is that it's not
dependent on a user's session.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message