My first JSF page was throwing javax.faces.application.ViewExpiredException. While I searched I got this solution which solved my problem.
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
But I am concerned about the security implication.
This doesn't save the "session" on the client side at all.
This only saves the JSF view state on the client side. In JSF 2.2 this is always AES-encrypted with a key which is generated on application startup. This key however becomes invalid once you restart the application, thereby causing all existing view states to become invalid. You can specify a fixed key as below in web.xml so that all existing view states remain valid across server restarts:
<env-entry>
<env-entry-name>jsf/ClientSideSecretKey</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>[AES key in Base64 format]</env-entry-value>
</env-entry>
You can use this page to generate a random AES key in Base64 format.
See also:
- javax.faces.application.ViewExpiredException: View could not be restored
- com.sun.faces.ClientStateSavingPassword - recommendations for actual password?
- How do servlets work? Instantiation, sessions, shared variables and multithreading (read this to learn what "session" actually is)
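The fixed key for jsf/ClientSideSecretKey can also be generated and sanity-checked locally with the JDK. The following is an added example, not code from the answer above; the class name, method names, the `--check` option and the 128-bit default are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Scanner;
import javax.crypto.KeyGenerator;

// Added example, not code from the answer. All names here are illustrative.
public class ClientSideSecretKeyTool {

    // Fresh random AES key, Base64-encoded, ready for <env-entry-value>.
    static String generate(int bits) throws NoSuchAlgorithmException {
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(bits); // 128, 192 or 256
        return Base64.getEncoder().encodeToString(keyGen.generateKey().getEncoded());
    }

    // Returns null when the value looks usable, otherwise the reason it does not.
    static String check(String value) {
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(value.trim());
        } catch (IllegalArgumentException e) {
            return "not valid Base64 (" + e.getMessage() + ")";
        }
        if (raw.length != 16 && raw.length != 24 && raw.length != 32) {
            return "decodes to " + raw.length + " bytes; an AES key is 16, 24 or 32 bytes";
        }
        boolean printable = true;
        for (byte b : raw) {
            printable &= (b >= 0x20 && b < 0x7f);
        }
        // Heuristic: random key bytes are almost never all printable ASCII.
        return printable ? "decodes to printable text; looks like an encoded password" : null;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        if (args.length == 1 && args[0].equals("--check")) {
            // Read the existing web.xml value from stdin so it stays out of shell history.
            String problem = check(new Scanner(System.in).nextLine());
            System.out.println(problem == null ? "OK" : "REJECT: " + problem);
            return;
        }
        String key = generate(128); // assumption: 128-bit default for this example
        System.out.println("<env-entry>");
        System.out.println("<env-entry-name>jsf/ClientSideSecretKey</env-entry-name>");
        System.out.println("<env-entry-type>java.lang.String</env-entry-type>");
        System.out.println("<env-entry-value>" + key + "</env-entry-value>");
        System.out.println("</env-entry>");
    }
}
```

Run without arguments to print a ready-to-paste env-entry, or with `--check` and the current value on standard input to test a key that is already configured.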