• Post Reply Bookmark Topic Watch Topic
  • New Topic

Storing State

 
Dave Salter
Ranch Hand
Posts: 293
Java Mac OS X Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In JSF, you can store the session state either on the server or on the client by specifying the javax.faces.STATE_SAVING_METHOD parameter in the config files.

Are there any good rules of thumb that specify whether the state should be stored on the client or the server?
 
Tim Holloway
Bartender
Posts: 18412
58
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can give 2.

1. NEVER store sensitive info on the client. Someone will figure out how to abuse it. The only things that are safe to keep client-side are things like UI preferences (non-business items) and the session ID (which is only a difficult-to-reproduce temporary key back to items on the server).

2. Be mindful of how much data you're passing back and forth. If you swap 50K per page update, it'll be slow on a dial-up, and tend to clog the tubes if you've got a lot of users.

Of course, JSF itself tends to take liberties with item #2.
 
Dave Salter
Ranch Hand
Posts: 293
Java Mac OS X Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks, thats the sort of answer I was looking for.

From your reply, it looks as though storing state on the server is probably the best way to go. Can you think of any scenarios where storing state on the client would be preferable?
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Dave Salter:
Can you think of any scenarios where storing state on the client would be preferable?


Where the server is not able to bear the load and there are no issues of bandwidth. So, sending and receiving the state to and from the client, respetively, wouldn't become a bottleneck.
 
Gregg Bolinger
Ranch Hand
Posts: 15304
6
Chrome IntelliJ IDE Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Also note that not 100% secure, it should make you feel a bit better about client side state saving if using MyFaces. They provide a mechanism to encrypt the data, which ironically enough, ASP.NET has done all along. ;)
 
Dave Salter
Ranch Hand
Posts: 293
Java Mac OS X Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Gregg Bolinger:
Also note that not 100% secure, it should make you feel a bit better about client side state saving if using MyFaces. They provide a mechanism to encrypt the data, which ironically enough, ASP.NET has done all along. ;)


I've just done a search and according to JSR 252 - Java Server Faces 1.2, client side state will be encrypted in JSF 1.2 also. I've not been able to find any confirmation of this, but if its in the JSR I assume its in the 1.2 RI?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!