viewstate

Implications of saving session on the client with javax.faces.STATE_SAVING_METHOD

偶尔善良 提交于 2020-01-10 20:12:14
问题 My first JSF page was throwing javax.faces.application.ViewExpiredException . while I searched I got this solution which solved my problem. <context-param> <param-name>javax.faces.STATE_SAVING_METHOD</param-name> <param-value>client</param-value> </context-param> But I am concerned about the security implication. 回答1: This doesn't save the "session" in client side at all. This only saves the JSF view state in client side. This is in JSF 2.2 always AES-encrypted with a key which is generated

Implications of saving session on the client with javax.faces.STATE_SAVING_METHOD

99封情书 提交于 2020-01-10 20:10:35
问题 My first JSF page was throwing javax.faces.application.ViewExpiredException . while I searched I got this solution which solved my problem. <context-param> <param-name>javax.faces.STATE_SAVING_METHOD</param-name> <param-value>client</param-value> </context-param> But I am concerned about the security implication. 回答1: This doesn't save the "session" in client side at all. This only saves the JSF view state in client side. This is in JSF 2.2 always AES-encrypted with a key which is generated

Setting ViewStateUserKey gives me a “Validation of viewstate MAC failed” error

南楼画角 提交于 2020-01-09 07:41:26
问题 I have the following in my BasePage class which all my ASPX pages derive from: protected override void OnInit(EventArgs e) { base.OnInit(e); ViewStateUserKey = Session.SessionID; } I also have a machineKey set in Web.config . I don't think this error is because of a web farm because this happens on my dev machine too. My host has now upgraded to .NET 3.5 SP1. After this update, everytime I compile with the ViewStateUserKey setting above, I constantly get the "Validation of viewstate MAC

Session State v ViewState

ぃ、小莉子 提交于 2020-01-07 07:59:15
问题 In our application, we have a "BasePage" that declares a number of properties to be used by more or less every page in the app. Inside these properties, they write to ViewState. These are all typically an int or small string value, nothing huge. Typical use is call a web service and hold an id for use within the page, for example. I've used viewstate since I'm wary of the loss of session variables should IIS recycle for example. Also, I figured, very small values would not add hugely to the

Validation of mac failed

折月煮酒 提交于 2020-01-06 19:38:37
问题 I have developed application and its working fine on local with remote DB connection but when its put on live server on every post back event its giving this exception: Server Error in '/openlearningsolutions' Application. Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. Description: An unhandled exception

Viewstate does not persist after postback

和自甴很熟 提交于 2020-01-05 14:58:21
问题 I'm having some problems in persisting the viewstate on postback for a Control (vb.net) here's some code i've put in my control: Protected Overrides Sub OnInit(ByVal e As System.EventArgs) MyBase.OnInit(e) Me.EnableViewState = True Me.ViewStateMode = System.Web.UI.ViewStateMode.Enabled If Not Page.IsPostBack Then _SortTime = DateTime.Now _SortTime.AddSeconds(-10) ' incase the fileserver and webserver date are out of sync ViewState("PageLoadTimeStamp") = _SortTime End If End Sub onload:

Extract second CDATA content with RegEx or XPath in JMeter

谁都会走 提交于 2020-01-05 07:31:08
问题 I need to extract the content of the second CDATA element from a response in JMeter. The response looks for example like this: <?xml version='1.0' encoding='UTF-8'?> <partial-response><changes><update id="layout:layoutLeft:treeForm:riverTree"> <![CDATA[<li id="layout:layoutLeft:treeForm:flussgebieteBaum:0_0_0" data-rowkey="0_0_0" class="ui-treenode ui-treenode-parent river default" role="treeitem"> <span class="ui-treenode-content ui-tree-selectable" aria-expanded="false" aria-selected="false

Extract second CDATA content with RegEx or XPath in JMeter

拈花ヽ惹草 提交于 2020-01-05 07:31:07
问题 I need to extract the content of the second CDATA element from a response in JMeter. The response looks for example like this: <?xml version='1.0' encoding='UTF-8'?> <partial-response><changes><update id="layout:layoutLeft:treeForm:riverTree"> <![CDATA[<li id="layout:layoutLeft:treeForm:flussgebieteBaum:0_0_0" data-rowkey="0_0_0" class="ui-treenode ui-treenode-parent river default" role="treeitem"> <span class="ui-treenode-content ui-tree-selectable" aria-expanded="false" aria-selected="false

Why is my asp:TreeView selected node reset when in an UpdatePanel?

女生的网名这么多〃 提交于 2020-01-04 04:44:06
问题 I have an asp.net 2.0 page that contains 2 UpdatePanels . The first panel contains a TreeView control, when I select a node in the three view control it triggers an update of the second UpdatePanel only. This much is behaving correctly. There are two buttons on the page outside of an update panel (previous/next). These buttons trigger an update of both panels. The behaviour of the buttons is to select the adjacent node in the tree. The first time I click on one of these buttons I get the

Is it safe to store credit card and pricing information in ViewState even over ssl?

ε祈祈猫儿з 提交于 2020-01-03 16:41:05
问题 I have a page with private properties that are storing a credit card object and a shopping cart object in viewstate so I can maintain a reference to them across postbacks. By the way, the page involved will be using SSL. Is this safe? 回答1: I wouldn't store sensitive information in viewstate ... ever . By doing so, you are delegating security to the implementation of the browser for protecting your customers' data. Vulnerabilities like cross-site scripting (XSS), URL-redirection attacks, and