0

From my JSF page, I am redirecting to an external URL (another server) through a POST request using this: JSF commandButton - passing POST params to an external site.

The external URL is a JSF webpage of another JSF webapp being called for the first time. At the receiving end inside request filter doFilter() method I see that session is invalid for the incoming request. Is it because request is coming from a different server and request is bound to an old session id which is not in the scope of current server? I do need a valid session at this point. Do I need to recreate session? Or why JSF is not creating session automatically on the first request at this web page on second server? Is it because the first request is a POST instead of GET on the second server web page?

I would also like to tell that this problem is happening for only the first request on the second server.

Community
  • 1
  • 1
user2918640
  • 473
  • 1
  • 7
  • 25
  • 1
    So you have a filter before the jsf servlet and wonder why jsf has not created a session? The answer is because that is how **you** defined the order. (Keep in mind that jsf does not create a session bt the container does IF jsf needs a session) Doing a direct post instead of a get first will be a different but unrelated problem you will run into, something related to viewstate. – Kukeltje Jul 01 '16 at 18:13
  • My bad. Thank you for reminding me the nuts and bolts of Servlets & Filters. In this case, I'll just let the first request (the post request that carries post params) bypass the invalid session check block in my filter. After post renders the target page on another server, I know that I'll have the session available for the subsequent requests. It's all just my app specific requirements where I have to redirect, with some minor data, to another server and I can not expose that data in get params. – user2918640 Jul 02 '16 at 18:39
  • You can't expose it (= clear text data?) in a get param, but can do it in a obfuscated post param? Bad design... Better do some encryption on the data. – Kukeltje Jul 02 '16 at 19:33
  • Well, there are are three parameters and value of one of the paramaters is sort of a long encrypted string key (a login key). This key would have to be consumed within a minute by a related service on another server which would generate a user token (along with user informations) for the app on the second server. Its just I am not keeping these params in the URL to make it look clean. – user2918640 Jul 03 '16 at 16:47
  • Check http://stackoverflow.com/questions/9061027/how-to-disable-viewstate – Kukeltje Jul 03 '16 at 21:30

0 Answers0