1. Shiro
  2. SHIRO-22

Enable POST redirects on session timeout


    • Type: New Feature New Feature
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:


      When a user is filling out a form for a long time and they don't submit (POST) within the session timeout limit they lose the newly entered data because after logging in they are redirected via GET to the target URI. This feature would enable redirecting a POST as a POST and therefore after successfully logging back in the user would see the result of their initial action.

      See email thread here:

      The solution might work like this:

      since we have control over the Request/Response pair, we could do something snazzy where, if the SavedRequest in the session is a POST request, we can manually construct a Request object indicating a POST method and send that into the filter chain directly instead of the originating GET Request given to us by the Servlet container.

      So, in essence, a GET would be redirected as a GET, and a POST would be redirected as a POST. It would work in a REST scenario because the SavedRequest is stored in the session.

      But this again assumes that this is even desirable (POST redirect). We could make it configurable I suppose (enablePostRedirects = true/false) in the JSecurityFilter configuration if someone didn't like that idea.

        Issue Links


          Jesse O'Neill-Oine created issue -
          Les Hazlewood made changes -
          Field Original Value New Value
          Fix Version/s 1.0 [ 12313312 ]
          Affects Version/s 1.0 [ 12313312 ]
          Alan Cabrera made changes -
          Project JSecurity [ 12310812 ] Ki [ 12310890 ]
          Component/s Session Management [ 12312404 ]
          Fix Version/s 1.0 [ 12313312 ]
          Affects Version/s 1.0 [ 12313312 ]
          Key JSEC-44 KI-17
          Alan Cabrera made changes -
          Fix Version/s 1.0 [ 12313690 ]
          Affects Version/s 1.0 [ 12313690 ]
          Alan Cabrera made changes -
          Component/s Session Management [ 12312683 ]
          Niclas Hedhman made changes -
          Project Ki [ 12310890 ] Shiro [ 12310950 ]
          Key KI-17 SHIRO-22
          Affects Version/s 1.0 [ 12313690 ]
          Component/s Session Management [ 12312683 ]
          Fix Version/s 1.0 [ 12313690 ]
          Les Hazlewood made changes -
          Link This issue is duplicated by SHIRO-132 [ SHIRO-132 ]
          Maria Jurcovicova made changes -
          Attachment patch-post redirect.patch [ 12482843 ]


            • Assignee:
              Jesse O'Neill-Oine
            • Votes:
              1 Vote for this issue
              0 Start watching this issue


              • Created: