Christian Gilmore wrote: > > I am attempting to redirect certain users during the authentication phase > to support password expiration management. I am not having success > building it directly into the authentication module and think it may be > perhaps that the internal REDIRECT constant is ignored if given outside of > a content handling phase. Could someone confirm this thought?
for the resource control phases the proper response is generally AUTH_REQUIRED or FORBIDDEN. AUTH_REQUIRED triggers a special set of headers, so if you're trying to bypass those, instead of using REDIRECT try returning FORBIDDEN with a custom response $r->custom_response(FORBIDDEN, $redirect_url); return FORBIDDEN; HTH --Geoff
