> There's one thing I noted in there, I've been confused about the use of > the 403 for a while, and now it seems it originates there too: > "The method should return OK on success and FORBIDDEN on failure.", but > this seems to me to be a violation of RFC 2616 (the HTTP 1.1 spec), > < http://www.w3.org/Protocols/rfc2616/rfc2616.html > > "10.4.4 403 Forbidden > The server understood the request, but is refusing to fulfill it. > Authorization will not help and the request SHOULD NOT be repeated." > But here we are trying to get people authorized, so a "go away" message > is inappropriate.... :-) Anybody have views to share on this?
A::A::P::Session uses 403 for internal purposes. The login page itself should arrive with a plain 200 OK - the 403 only initiates an internal redirect to the login redirector. -- CU Joerg PGP Public Key at http://ich.bin.kein.hoschi.de/~trouble/public_key.asc PGP Key fingerprint = D34F 57C4 99D8 8F16 E16E 7779 CDDC 41A4 4C48 6F94 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
