On Thu, Feb 9, 2012 at 8:36 AM, Yap Sok Ann <[email protected]> wrote: > That's what I thought too, but it seems like the "standard" for > pyramid is to show the login view for 403: > > http://docs.pylonsproject.org/projects/pyramid/en/latest/tutorials/wiki/authorization.html#add-login-and-logout-views
This appears to be a mistake on Pyramid's part. Wouldn't it be better to fix Pyramid to use 401 HTTPUnauthorized for not-logged-in rather than using 403 HTTPForbidden for both cases? -- Mike Orr <[email protected]> -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
