One other thought on this, if no credentials are found, wouldn't it be best to challenge the requester with a 401, but with the www- authenticate header or something? Rather than just providing a plain 401?
Perhaps this could be wrapped up in DigestAuthenticationChallengeResponse or something? Cheers, Tim --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~----------~----~----~----~------~----~------~--~---
