tomcat-users mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Form Authentication POST data not preserved?
Date Fri, 03 Feb 2012 23:26:07 GMT
2012/2/4 Jess Holle <jessh@ptc.com>:
> I posted a query recently wherein I thought that POST data was being lost
> *only* if the user had been authenticated, their session timed out, and then
> they POST'ed to a URL requiring authentication -- thus having their request
> interrupted for a form-based login.
>
> I know Tomcat is supposed to preserve the POST data in this case as well as
> in the case where one had not yet authenticated prior to the POST, but I'd
> thought that the latter case worked.
>
> As someone nicely pointed out, that makes no sense.
>

Why? The saved data is kept in the session. If the session times out (that
means: it is removed from the server), the data that was kept in it
is lost along with the session itself.


Or maybe I do not quite understand you (try rephrasing your statements,
listing the events in chronological order).

The session is created once the session-id cookie is sent to the user.
That happens before authentication.

>(...)
>
> P.S. The lack of wisdom of setting maxSavePostSize is clear enough to me
> now.  I'll be setting this to a large but still not egregious value once I
> figure out the rest of this...
>

Best regards,
Konstantin Kolinko
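
A simplified model of the mechanism discussed in this message, added here as an illustration and not code from the post or from Tomcat: the saved POST lives inside the session, so it survives a re-login after an earlier session expired but not an expiry of the session that holds it. The class, method names, outcome strings and the choice to treat an oversized body as simply not saved are assumptions; the -1 and 0 meanings follow the documented maxSavePostSize attribute.

```python
class FormLoginModel:
    """Toy model of form-login state; assumed behaviour, not Tomcat's code."""
    def __init__(self, session_timeout, max_save_post_size):
        self.timeout = session_timeout      # seconds of allowed inactivity
        self.max_save = max_save_post_size  # bytes; -1 = no limit, 0 = never save
        self.sessions = {}                  # session id -> state
        self.count = 0

    def _live(self, sid, now):
        s = self.sessions.get(sid)
        if s is None or now - s["last"] > self.timeout:
            self.sessions.pop(sid, None)    # expiry removes the session and all it holds
            return None
        s["last"] = now
        return s

    def post(self, sid, body, now):         # POST to a protected URL
        s = self._live(sid, now)
        if s is not None and s["user"]:
            return sid, "processed:" + body
        if s is None:                       # a session exists before any login
            self.count += 1
            sid = "S%d" % self.count
            s = self.sessions[sid] = {"last": now, "user": None, "saved": None}
        if self.max_save != 0 and (self.max_save < 0 or len(body) <= self.max_save):
            s["saved"] = body               # the saved POST lives inside the session
        return sid, "login-form"

    def login(self, sid, user, now):        # credentials are assumed valid
        s = self._live(sid, now)
        if s is None:
            return "session-expired"        # the saved POST went with the session
        s["user"] = user
        saved, s["saved"] = s["saved"], None
        return "no-saved-request" if saved is None else "replayed:" + saved

def demo():
    m = FormLoginModel(session_timeout=1800, max_save_post_size=4096)
    sid, _ = m.post(None, "a=1", now=0)
    fresh = m.login(sid, "alice", now=60)
    sid, _ = m.post(sid, "b=2", now=2000)          # old session expired, new one made
    relogin = m.login(sid, "alice", now=2030)
    sid, _ = m.post(None, "c=3", now=5000)
    idle = m.login(sid, "alice", now=7000)         # login form left open too long
    sid, _ = m.post(None, "x" * 5000, now=9000)    # body larger than the limit
    oversize = m.login(sid, "alice", now=9010)
    return fresh, relogin, idle, oversize

if __name__ == "__main__":
    print(demo())
```

Every saved body is held in memory for a session created before any login, which is why a bounded maxSavePostSize matters when sizing it.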
