we have submitted our application developed in JSF for a security review.
the test was failed as jsf is generating a hidden variable javax.faces.viewstate in client side(i.e, in jsp).
is there any way to avoid that variable to be generated in jsp with jsf ?
please help to solve this issue.
thanks in advance,