tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: Form Authentication POST data not preserved?
Date Fri, 03 Feb 2012 23:26:07 GMT
2012/2/4 Jess Holle <>:
> I posted a query recently wherein I thought that POST data was being lost
> *only* if the user had been authenticated, their session timed out, and then
> they POST'ed to a URL requiring authentication -- thus having their request
> interrupted for a form-based login.
> I know Tomcat is supposed to preserve the POST data in this case as well as
> in the case where one had not yet authenticated prior to the POST, but I'd
> thought that the latter case worked.
> As someone nicely pointed out, that makes no sense.

Why? The saved data is kept in session. If session times out (that
means: it is removed from the server) the data that was kept in it
becomes lost as well as the session itself.

Or maybe I do not quite understand you (try rephrase your statements,
listing the events in chronological order).

The session is created once the session-id cookie is sent to the user.
That happens before authentication.

> P.S. The lack of wisdom of setting maxSavePostSize is clear enough to me
> now.  I'll be setting this to a large but still not egregious value once I
> figure out the rest of this...

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message