From 27fc8e3bc393ecf1486144d114974fb101f99da7 Mon Sep 17 00:00:00 2001
From: lprimak <lenny@flowlogix.com>
Date: Thu, 21 Sep 2023 16:51:23 -0500
Subject: [PATCH] added org.apache.shiro.form-resubmit.secure-cookies
 documentation along with other minor form resubmit doc chagnes

---
 src/site/content/jakarta-ee.adoc | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/site/content/jakarta-ee.adoc b/src/site/content/jakarta-ee.adoc
index 86072d4508..17af258780 100644
--- a/src/site/content/jakarta-ee.adoc
+++ b/src/site/content/jakarta-ee.adoc
@@ -299,15 +299,25 @@ authc.logoutFallbackType = $fallbackType
 ----
 
 ==== Automatic form submit upon subsequent login
-The module will automatically submit forms upon session expiration and subsequent re-login.
-To disable this behavior, add the following to `web.xml`:
+Jakarta EE module will automatically resubmit forms when session expires and a subsequent re-login occurs. This will prevent users data from loss due to sessions timing out.
+
 [source,xml]
+.To disable this behavior, add the following to `web.xml`:
 ----
 <context-param>
     <param-name>org.apache.shiro.form-resubmit.disabled</param-name>
     <param-value>true</param-value>
 </context-param>
 ----
+During form resubmissions, the original request is replayed, and the response is relayed back to the browser, along with any cookies genereated. Cookies are set to be secure by default.
+[source,xml]
+.To disable secure cookie attribute, add the following to `web.xml`:
+----
+<context-param>
+    <param-name>org.apache.shiro.form-resubmit.secure-cookies</param-name>
+    <param-value>false</param-value>
+</context-param>
+----
 
 ==== Configuring for Tomcat / Jetty (or without Jakarta Faces)
 If Jakarta Faces (JSF) is not available in your environment, you need to put the following into your `web.xml` to enable proper OmniFaces initialization: