Jess,

On 2/1/12 2:10 PM, Jess Holle wrote:
> I've noticed that if I POST to an authenticated URL in a web app
> configured for form-based authentication, Tomcat delivers the login
> form, and then replays the POST just fine *unless* the current
> state of the browser is one where I had already been authenticated
> but that session had timed out. In that case, Tomcat fails to
> deliver the POST data.
>
> I assume this is a known issue/limitation. If not, is there some
> configuration setting I'm missing or some such? This is with
> Tomcat 7.0.23.

If you are logged-in and experience a timeout while you stare at a POST form, the next POST should ask for your credentials and then re-POST the form.

Your description above seems to claim that Tomcat can somehow tell the difference between a POST to a timed-out session and a POST to a session which never existed. Tomcat does not keep old sessions around for the purposes of messing up your flows. Are you sure you are describing your observations properly?

Tomcat *does* have a maximum size for a saved post (see http://tomcat.apache.org/tomcat-7.0-doc/config/http.html, "maxSavePostSize" - the default is 4kb). I actually don't know what happens if the POST size exceeds this value since I've never needed more than the default.

-chris
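An added example, not part of the original message and not Tomcat code: a Python check that reads a server.xml and reports each Connector's effective maxSavePostSize, the setting referenced above. The sample XML is constructed and the function names are hypothetical; it assumes the documented semantics of the attribute (absent means 4096 bytes, -1 removes the limit, 0 disables saving).

```python
import xml.etree.ElementTree as ET

DEFAULT_MAX_SAVE_POST_SIZE = 4096  # documented default when the attribute is absent

# Constructed sample server.xml (not from the original thread).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="HTTP/1.1" maxSavePostSize="65536"/>
    <Connector port="8009" protocol="AJP/1.3" maxSavePostSize="-1"/>
    <Connector port="8081" protocol="HTTP/1.1" maxSavePostSize="0"/>
  </Service>
</Server>
"""

def audit_connectors(server_xml):
    """Return one finding per <Connector>: port, effective limit, and a note."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        raw = conn.get("maxSavePostSize")
        limit = DEFAULT_MAX_SAVE_POST_SIZE if raw is None else int(raw)
        if limit < 0:
            # Documented value is -1: bodies sent before login are buffered with no cap.
            note = "unlimited: pre-authentication POST bodies are buffered without a cap"
        elif limit == 0:
            note = "disabled: no POST body is saved during authentication"
        elif raw is None:
            note = "default (4096 bytes)"
        else:
            note = "explicit limit"
        findings.append({"port": conn.get("port"), "limit": limit, "note": note})
    return findings

def within_limit(limit, post_bytes):
    """True if a POST body of post_bytes fits within the configured save limit."""
    if limit < 0:
        return True
    return 0 < limit and post_bytes <= limit

if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {f['port']}: maxSavePostSize={f['limit']} ({f['note']})")
```

When debugging a lost POST after form login, compare the request's Content-Length against the limit reported for the connector that served it.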