https://bz.apache.org/bugzilla/show_bug.cgi?id=61999
--- Comment #2 from Michael <bsi....@gmail.com> --- Thanks for your fast reply. Yes we have an actual need to disable the "save post data" feature during authentication. We do not want the request to fail (with 403) just because the POST data was more than x KB since we do not need the POST data to be saved. Reading the documentation, we thought to have found a solution for this problem by setting maxSavePostSize=0 so the POST data would be ignored while the request is still being processed. It is our understanding that saving the POST data of the request is a performance improvement rather than a necessity. In our use case we use the FormAuthenticator but do not redirect to a simple HTML form but rather to a URL which does a programmatic login. The POST data is irrelevant for the login and will be sent again from the client after authentication. Thus fixing the documentation would not help in our case. Furthermore the current implementation behaves as follows: * value < 0 means no limit * value >= 0 means limited to the value => so for value=0 every request with any POST data will fail (403 Forbidden) So your suggestions to fix the documentation would not match with the current implementation. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
