Say I go to a page containing a form, which should I submit it, posts to /UpdateStuff.action to the server. I then go home for the day, and my session times out.

Next day I click the button. Seraph notices the lack of session and redirects me to login.jsp?os_destination=/UpdateStuff.action. However, because the POST parameters have not been preserved in the os_destination, when I am redirected to UpdateStuff.action, it will have none of the info it requires, and will fail in some way.

If Seraph intercepts a POST, then it should store the POST parameters in a session attribute, and after login, resubmit the POST with those parameters. The current behaviour of resubmitting POSTS as GETs without any parameters is guaranteed to result in a broken page.