You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/12/20 23:35:16 UTC

DO NOT REPLY [Bug 8607] - Valid User, invalid role, results in msg 403, then incorrect operation

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8607>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8607

Valid User, invalid role, results in msg 403, then incorrect operation

medthomas@ntlworld.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From medthomas@ntlworld.com  2003-12-20 22:35 -------
This behaviour is as per the spec.

The 403 is the correct response to a valid user that is not authorised to 
access the requested resource. Once a valid user has logged in, they stay 
logged in until the sesison ends (timeout or the browser is closed).

Trying to access the login page directly is not an accepted way of trying to 
changing the current user (or even to login in the first place) and therefore 
results in the 404.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org