Thanks Scott! I have to say you are really on top of things, I see your posts
all over these forums.
I am able to reproduce the intended behavior in 4.0.2 - the same as 4.0.1sp1.
Is this behavior specified in the newer servlet spec? Just wondering why the
results were different in JBoss 3.2.5?
New infomation:
I was NOT able to reproduce the issue in [3.2.5 (build: CVSTag=JBoss_3_2_5
date=200406251954)]
I am able to reproduce the issue in [4.0.1sp1 (build: CVSTag=JBoss_4_0_1_SP1
date=200502160314)]
Downloading 4.0.2 right now - wll post the results.
View the original post :
A forwarded request does not go through the security stack so I don't expect
that the request roles will have changed. A redirected reply will show the
updated state as a new session will be required.
View the original post :