-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nathan Van Gheem wrote:
>> Can we clarify this some more?
>
>
>
>> The "correct" behavior for the application to return a "Forbidden" error
>
> response (HTTP response code 403) for authenticated users, and only
>
> raise an "Unauthorized" (401)
>
> Can we clarify this some more?
> The "correct" behavior for the application to return a "Forbidden" error
response (HTTP response code 403) for authenticated users, and only
raise an "Unauthorized" (401) for anonymous users: the 401 response is
misnamed, but the semantics defined in RF
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nathan Van Gheem wrote:
> Hello everyone,
> It seems odd to me that repoze.who would log someone out who is not
> authorized to a certain part of a web site. Unless I'm doing something
> wrong it seems like there is no good way around it either.
>
>
Hello everyone,
It seems odd to me that repoze.who would log someone out who is not
authorized to a certain part of a web site. Unless I'm doing something
wrong it seems like there is no good way around it either.
The only solution I could find is creating my own redirecting form plugin
that adds