2012/2/4 Jess Holle <je...@ptc.com>: > I posted a query recently wherein I thought that POST data was being lost > *only* if the user had been authenticated, their session timed out, and then > they POST'ed to a URL requiring authentication -- thus having their request > interrupted for a form-based login. > > I know Tomcat is supposed to preserve the POST data in this case as well as > in the case where one had not yet authenticated prior to the POST, but I'd > thought that the latter case worked. > > As someone nicely pointed out, that makes no sense. >
Why? The saved data is kept in session. If session times out (that means: it is removed from the server) the data that was kept in it becomes lost as well as the session itself. Or maybe I do not quite understand you (try rephrase your statements, listing the events in chronological order). The session is created once the session-id cookie is sent to the user. That happens before authentication. >(...) > > P.S. The lack of wisdom of setting maxSavePostSize is clear enough to me > now. I'll be setting this to a large but still not egregious value once I > figure out the rest of this... > Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
