added org.apache.shiro.form-resubmit.secure-cookies documentation alo…

…ng with other minor form resubmit doc chagnes
apache · Sep 21, 2023 · 27fc8e3 · 27fc8e3
1 parent 7d0cd54
commit 27fc8e3
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/src/site/content/jakarta-ee.adoc b/src/site/content/jakarta-ee.adoc
@@ -299,15 +299,25 @@ authc.logoutFallbackType = $fallbackType
 ----
 
 ==== Automatic form submit upon subsequent login
-The module will automatically submit forms upon session expiration and subsequent re-login.
-To disable this behavior, add the following to `web.xml`:
+Jakarta EE module will automatically resubmit forms when session expires and a subsequent re-login occurs. This will prevent users data from loss due to sessions timing out.
+
 [source,xml]
+.To disable this behavior, add the following to `web.xml`:
 ----
 <context-param>
     <param-name>org.apache.shiro.form-resubmit.disabled</param-name>
     <param-value>true</param-value>
 </context-param>
 ----
+During form resubmissions, the original request is replayed, and the response is relayed back to the browser, along with any cookies genereated. Cookies are set to be secure by default.
+[source,xml]
+.To disable secure cookie attribute, add the following to `web.xml`:
+----
+<context-param>
+    <param-name>org.apache.shiro.form-resubmit.secure-cookies</param-name>
+    <param-value>false</param-value>
+</context-param>
+----
 
 ==== Configuring for Tomcat / Jetty (or without Jakarta Faces)
 If Jakarta Faces (JSF) is not available in your environment, you need to put the following into your `web.xml` to enable proper OmniFaces initialization: