I check incoming POST requests, on existing connections only, for a Content-Length of zero.
Only IE meets those criteria (AFAIK) when it wants to re-authenticate. SSPI restarts the auth process, authenticates, and IE eventually sends its correct POST w/ data.
No need for per_auth_request to be always ON; we save a bit of extra traffic to our web servers and Domain Controller.
fix IE dropping POST data