I have a sign-in interceptor that stands in front of my "premium" pages and account management pages. However, I had a question as to when it gets invoked.
Take for instance I have a request for a form -- e.g. change password. If the user is not signed in, the interceptor forces a sign-in and then redirects to the change password form. However, the form could potentially sit there and let the session expire before it is submitted.
So the question is: does the interceptor get invoked for the form submission? If so, I should be routed to the sign-in form and then the form should be properly posted. However, I'm not sure if this is how it works. If not, I need to add some defensive code around onBind or onBindAndValidate or onSubmit (if they depend upon session data for any reason).
Does anyone know how it works?