Summary: | Valid User, invalid role, results in msg 403, then incorrect operation | ||
---|---|---|---|
Product: | Tomcat 4 | Reporter: | David Farb <dmfarb> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED INVALID | ||
Severity: | normal | ||
Priority: | P3 | ||
Version: | 4.0.3 Final | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | All |
Description
David Farb
2002-04-28 19:08:12 UTC
This behaviour is as per the spec. The 403 is the correct response to a valid user that is not authorised to access the requested resource. Once a valid user has logged in, they stay logged in until the sesison ends (timeout or the browser is closed). Trying to access the login page directly is not an accepted way of trying to changing the current user (or even to login in the first place) and therefore results in the 404. Why can't we use the directive <error-code>403 in order to redirect the error on our own error page Please ask questions like this on the tomcat-user mailing list rather than hi- jacking bug reports. |