You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by ra...@ezcompany.nl on 2001/09/08 11:58:33 UTC
POST and session-timeout (Extra Information)
Hi All,
I have a secured area in with FORM authentication, when I -POST- a Form after
the session has timed out and re-login, the information on the Form isn\'t
submitted anymore. The parameters are lost. Is there a possibility to have the
parameters still in the request? Getting the form isn\'t an option because there
is too much information in the request. It also isn\'t possible to post an
multipart form.
Greetings Ralph
Forgot to mention: I use Tomcat 3.2.1 and Jboss 2.2.1
Re: POST and session-timeout (Extra Information)
Posted by Ralph vd Houdt <ra...@ezcompany.nl>.
Hi Gregor,
Are the post parameters stored if I use basic login?
Grtz.
------------
ezCompany >>> easy internet solutions <<< www.ezcompany.nl
Stationsstraat 39 5038 EC Tilburg T 013 5453408 F 013 5453409
----- Original Message -----
From: "Gregor Rayman" <gr...@gmx.net>
To: <st...@jakarta.apache.org>
Sent: Saturday, September 08, 2001 12:19 PM
Subject: Re: POST and session-timeout (Extra Information)
> <ra...@ezcompany.nl> wrote:
>
> > Hi All,
> >
> > I have a secured area in with FORM authentication, when I -POST- a Form
> after
> > the session has timed out and re-login, the information on the Form
isn\'t
> > submitted anymore. The parameters are lost. Is there a possibility to
have
> the
> > parameters still in the request? Getting the form isn\'t an option
because
> there
> > is too much information in the request. It also isn\'t possible to post
an
> > multipart form.
> >
> > Greetings Ralph
> >
> > Forgot to mention: I use Tomcat 3.2.1 and Jboss 2.2.1
>
> This is more a question for Tomcat, but you are right, the POST data are
not
> stored in Tomcat during the form based login. As far as I know, only the
URL
> is stored (but better have a look into the sources).
>
> It is a limitation, but it also protects your server. The submitted data
> have
> to be stored in a session and POSTed data can be huge. Storing them could
> overload your server, even from people, who were not yet authentified.
>
> --
> gR
>
>
>
Re: POST and session-timeout (Extra Information)
Posted by Gregor Rayman <gr...@gmx.net>.
<ra...@ezcompany.nl> wrote:
> Hi All,
>
> I have a secured area in with FORM authentication, when I -POST- a Form
after
> the session has timed out and re-login, the information on the Form isn\'t
> submitted anymore. The parameters are lost. Is there a possibility to have
the
> parameters still in the request? Getting the form isn\'t an option because
there
> is too much information in the request. It also isn\'t possible to post an
> multipart form.
>
> Greetings Ralph
>
> Forgot to mention: I use Tomcat 3.2.1 and Jboss 2.2.1
This is more a question for Tomcat, but you are right, the POST data are not
stored in Tomcat during the form based login. As far as I know, only the URL
is stored (but better have a look into the sources).
It is a limitation, but it also protects your server. The submitted data
have
to be stored in a session and POSTed data can be huge. Storing them could
overload your server, even from people, who were not yet authentified.
--
gR