James,

On 8/24/17 8:28 PM, James H. H. Lampert wrote:
> On 8/24/17, 5:18 PM, Bob Hall wrote:
>> If you successfully logged in previously, I suggest you check
>> your browser for any cookies that were created at that time.  You
>> will probably need to remove them before the login challenge will
>> be presented. - Bob
> 
> Well, I can try explicitly clearing cookies, but the only thing on
> the Tomcat server in question that currently uses "basic" sign-on
> is manager, and whenever I shut down my browser and restart it
> from scratch, I *always* get a sign-on dialog if I go to Manager.
> 
> There. Cache and cookies both cleared, all the way back, and the
> context that theoretically should be presenting a sign-on dialog
> for the forbidden pages still serves an immediate 403 page
> instead.

I think Bob was using the cookie thing as a proxy for you being
logged-in. If you use HTTP Basic authentication, then your browser
caches your credentials (usually) until you quit the browser (not just
one window/tab) or get a 401 response from the same base URL.

Just for grins, make another request and use your browser's dev tools
to inspect the HTTP request headers and see if there is an
"Authorization" header. If it's there, it's likely keeping you logged
in, and so a 403 is appropriate for your situation (required role:
frobozz, user's current roles: [not frobozz]).

-chris
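
The 401-versus-403 behaviour described in this message, as an added example that is not part of the original e-mail and is not Tomcat's code: a simplified model of how a resource protected by HTTP Basic answers a request depending on whether an "Authorization" header is present and which roles the user holds. The user names, passwords, the `manager-gui` role assignment and the helper names are constructed for illustration; only the role name frobozz comes from the thread.

```python
import base64
import binascii
import hmac

# Constructed sample user store: name -> (password, roles). Not from the thread.
USERS = {
    "james": ("s3cret", {"manager-gui"}),
    "admin": ("hunter2", {"frobozz"}),
}

def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None

def decide(request_headers, required_role, users=USERS):
    """Simplified model of a protected resource: returns (status, reason)."""
    headers = {k.lower(): v for k, v in request_headers.items()}  # names are case-insensitive
    creds = parse_basic(headers.get("authorization"))
    if creds is None:
        return 401, "no usable credentials: challenge sent, browser shows dialog"
    user, password = creds
    record = users.get(user)
    if record is None or not hmac.compare_digest(record[0].encode(), password.encode()):
        return 401, "credentials rejected: challenge sent, browser re-prompts"
    if required_role not in record[1]:
        return 403, f"authenticated as {user!r} but lacks role {required_role!r}"
    return 200, f"{user!r} holds role {required_role!r}"

def basic(user, password):
    """Build the header value a browser sends once it has cached credentials."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

if __name__ == "__main__":
    for hdrs in ({}, {"Authorization": basic("james", "s3cret")},
                 {"authorization": basic("admin", "hunter2")}):
        print(decide(hdrs, "frobozz"))
```

The middle case is the one from the thread: the browser replays valid cached credentials, so no challenge is issued and the missing role yields an immediate 403.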
