On 30/06/2020 03:12, Bhavesh Mistry wrote:
> Hi Mark,
> Thank you for responding.  I have one more question.  This is spring-boot 2
> application REST API server and it does not accept Cookie or session
> (timeout is set to zero).    Auth happens through Authorized header. We
> have set 10mb for maxPostSize.  Does maxSavePostSize take precedence over
> maxPostSize?

No. They are different settings.

>  I will set maxSavePostSize to -1 to disable it.

That is a DoS risk.

> Also, I have another question.  When Payload is as large as 10mb (json
> post), is the payload body in JVM MEMORY or offloaded to FileInputStream?

Where POST data is saved for authentication, it is always in memory.
For other POSTs, it will depend on the application configuration and/or
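
Added example (not part of the original thread, and not Tomcat or Spring project code): one way a Spring Boot 2 application could set the two connector limits separately and refuse to start if the saved-POST limit is made unbounded, since that data is held in memory. The class name, the `app.tomcat.max-save-post-size` property and its 4096-byte fallback are assumptions for illustration; the 10mb value is the one mentioned in the thread.

```java
import org.apache.catalina.connector.Connector;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ConnectorLimitsConfig { // hypothetical class name

    // maxPostSize from the thread: 10mb.
    private static final int MAX_POST_SIZE = 10 * 1024 * 1024;

    // Hypothetical property; the 4096-byte fallback is an assumed value.
    @Value("${app.tomcat.max-save-post-size:4096}")
    private int maxSavePostSize;

    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> connectorLimits() {
        // A negative value removes the limit. Saved POST data is kept in
        // memory, so an unbounded setting is rejected at startup.
        if (maxSavePostSize < 0) {
            throw new IllegalStateException(
                "maxSavePostSize must not be negative (unbounded): " + maxSavePostSize);
        }
        return factory -> factory.addConnectorCustomizers((Connector connector) -> {
            // The two limits are independent; neither overrides the other.
            connector.setMaxPostSize(MAX_POST_SIZE);
            connector.setMaxSavePostSize(maxSavePostSize);
        });
    }
}
```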

