https://bz.apache.org/bugzilla/show_bug.cgi?id=69657
Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #8 from Mark Thomas <ma...@apache.org> ---
The test application provided uses part FORM authentication, part programmatic authentication. That isn't supported. Either use FORM auth as provided by Tomcat or implement your own.

I'll note that all sorts of things that would work if you used the built-in FORM auth - like POST requests with a request body to a protected URL - won't work with this hybrid implementation.

What you are seeing is the result of hardening the built-in FORM authentication to limit the session timeout to 120s until the user is authenticated. If the built-in FORM auth is used, the correct timeout will be restored on successful authentication.
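A deployment descriptor for the fully container-managed FORM authentication the comment recommends, as an added example that is not part of the original message or of the reporter's test application. The URL pattern, role name, page paths, 30-minute timeout and Servlet 6.0 schema version are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml (constructed example; all paths and names are assumptions) -->
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee
                             https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
         version="6.0">

  <!-- Protected area: the container intercepts unauthenticated requests,
       saves the original request, and forwards to the login page. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected application</web-resource-name>
      <url-pattern>/app/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <security-role>
    <role-name>user</role-name>
  </security-role>

  <!-- Built-in FORM authentication. The login page must POST the fields
       j_username and j_password to the action j_security_check so that
       the container itself completes the login. A servlet that collects
       the credentials and logs the user in programmatically is the
       hybrid setup the comment describes as unsupported. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Normal session timeout in minutes. Per the comment, a session created
       during the login flow is limited to 120s until authentication
       succeeds, after which this value is restored. -->
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
</web-app>
```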