Depends on what you meant by "Payload" in the first comment. I assumed it to mean "a bunch of bytes", so you could have just used URL parameters, which don't have a standardised maximum length, but you can generally rely up to about 2,000[0] or so. If that wasn't enough, you could split up the requests like the other comments said[1], or go full hack-mode and use the cookies[2]. (using a Set-Cookie response header to clear them after the request was made)
Edit: Of course this isn't recommended, but I think the time wasted trying to convince the (seemingly terrible) manager could have been better spent.
Edit: Of course this isn't recommended, but I think the time wasted trying to convince the (seemingly terrible) manager could have been better spent.
[0] http://www.boutell.com/newfaq/misc/urllength.html
[1] https://news.ycombinator.com/item?id=10649995
[2] https://news.ycombinator.com/item?id=10650110