On Thu, 2005-11-10 at 16:20 +0000, John ORourke wrote: > You can avoid some redirection by having a non-HTTPS form which submits > to the HTTPS login page (although users might worry, no padlock icon). > Otherwise it's perfectly reasonable to redirect to a secure login. On > successful login simple 403 the user back to the page they wanted. > That's just one 403 per request.
403 means "Forbidden," not "Redirect." - Perrin
