tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: Form Authentication POST data not preserved?
Date Sun, 05 Feb 2012 18:22:32 GMT
2012/2/5 Jess Holle <>:
> On 2/5/2012 11:15 AM, Konstantin Kolinko wrote:
>> I think this issue is specific to AJP.
>> For HTTP connectors a similar issue was noted and fixed here:
>> I think adding the following line to "REQ_SET_BODY_REPLAY" case in
>> AbstractAjpProcessor#action() will fix this bug:
>>    endOfStream = false;
> That did the trick!  [I just did this via the debugger without a rebuild,
> but same thing.]
> Could someone please patch this into trunk so it's in the next Tomcat
> release?
> Until then I can certainly patch it into my own Tomcat.  I just don't want
> to maintain this patch forever (nor have everyone else suffer from this bug
> in the AJP case).

I filed a bug

It would be nice to know whether this problem is observable with 6.0.35 or not.

2012/2/5 Jess Holle <>:
> Also it strikes me that maxSavePostSize should really be backed up by a use
> of a SoftReference in SavedRequest.
> This would allow one to allow relatively large POST bodies to be saved
> unless/until this threatened to consume the JVM's overall memory resources,
> at which point the POST bodies could be dropped.
> As it stands now one has to choose between vicious treatment of large POST
> bodies (i.e. dropping all the user's data) and opening oneself wide open to
> quick and easy (and possibly accidental) DOS attacks.

Interesting idea. I think it is worth filing an enhancement request.
Though I see the following caveat:

Using SoftReference here will lead to non-deterministic behaviour. I
wonder whether admins will be puzzled by this feature.  Though this
can be solved by logging an INFO message wrapped by

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message