Skip to content

Commit

Permalink
added org.apache.shiro.form-resubmit.secure-cookies documentation alo…
Browse files Browse the repository at this point in the history
…ng with other minor form resubmit doc chagnes
  • Loading branch information
lprimak committed Sep 21, 2023
1 parent 7d0cd54 commit 27fc8e3
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions src/site/content/jakarta-ee.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -299,15 +299,25 @@ authc.logoutFallbackType = $fallbackType
----

==== Automatic form submit upon subsequent login
The module will automatically submit forms upon session expiration and subsequent re-login.
To disable this behavior, add the following to `web.xml`:
Jakarta EE module will automatically resubmit forms when session expires and a subsequent re-login occurs. This will prevent users data from loss due to sessions timing out.

[source,xml]
.To disable this behavior, add the following to `web.xml`:
----
<context-param>
<param-name>org.apache.shiro.form-resubmit.disabled</param-name>
<param-value>true</param-value>
</context-param>
----
During form resubmissions, the original request is replayed, and the response is relayed back to the browser, along with any cookies genereated. Cookies are set to be secure by default.
[source,xml]
.To disable secure cookie attribute, add the following to `web.xml`:
----
<context-param>
<param-name>org.apache.shiro.form-resubmit.secure-cookies</param-name>
<param-value>false</param-value>
</context-param>
----

==== Configuring for Tomcat / Jetty (or without Jakarta Faces)
If Jakarta Faces (JSF) is not available in your environment, you need to put the following into your `web.xml` to enable proper OmniFaces initialization:
Expand Down

0 comments on commit 27fc8e3

Please sign in to comment.