On 2/3/2012 5:26 PM, Konstantin Kolinko wrote:
2012/2/4 Jess Holle<je...@ptc.com>:
I posted a query recently wherein I thought that POST data was being lost
*only* if the user had been authenticated, their session timed out, and then
they POST'ed to a URL requiring authentication -- thus having their request
interrupted for a form-based login.
I know Tomcat is supposed to preserve the POST data in this case as well as
in the case where one had not yet authenticated prior to the POST, but I'd
thought that the latter case worked.
As someone nicely pointed out, that makes no sense.
Why? The saved data is kept in session. If session times out (that
means: it is removed from the server) the data that was kept in it
becomes lost as well as the session itself.
Or maybe I do not quite understand you (try rephrase your statements,
listing the events in chronological order).
How's this?
Case 1:
1. Browse to (anonymously accessible) data entry form without having
logged in yet
2. Click to POST data to authenticated result page URL
3. Fill in login form
4. See result page
Case 2:
1. Log in
2. Browse to data entry form (anonymous or otherwise)
3. Allow session to time out (or force this on the server)
4. Click to POST data to authenticated result page URL
5. Fill in login form
6. See result page
I'd expect to see the results in both cases reflect the POST data.
Initially I had thought that Case #1 worked but Case #2 didn't. That
makes no sense -- as others pointed out.
Now I see that neither case works.
--
Jess Holle
