https://bz.apache.org/bugzilla/show_bug.cgi?id=66120
--- Comment #1 from Mark Thomas <ma...@apache.org> --- Do we want to support this? It would mean finding a way to serialize: - the expected session ID (part of the CSRF protection) - the saved request This looks to be doable although it would some effort to ensure that the serialization changes were done in a backwards compatible manner. We would also need to keep in mind that there may be further changes in serialization format in the future. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org