I have two managed bean type @ViewScoped
.
A bean lists the items of the user. Another shows extended information of an item. I'm passing the id of the item by url, it's the only way it has worked with viewscoped bean.
But I do not like this way because a user can try to change values url and see items from another user. I wonder if there is any way of passing parameters between pages is not seen by the user and avoid an extra security check.