Hello, I've been looking through the AuthenticationProcessingFilter source in Acegi Security, and I haven't seen support for storing a memento of the original HTTP request in the session, providing the ability to let a user re-authenticate without losing the original HTTP post parameters in the event of session expiration. Is this available in Acegi Security and I'm just not seeing its implementation? As a side note, Apache Tomcat 5.5.9 does provide this support in its container managed authentication. See the "authenticate" method. http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1.23&view=markup If this feature is not currently available in Acegi Security, is there interest in adding (configurable) support for it to the AuthenticationProcessingFilter? I could see reasons for NOT wanting to use this (e.g. session creation denial-of-service attacks), but in other situations it can be useful. Thanks, Curtis
------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61" plasma display: http://www.necitguy.com/?r _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
