Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/11/16 19:22:13 UTC
DO NOT REPLY [Bug 14616] New: - Redirects should be issued prior to authentication challenges
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14616
Redirects should be issued prior to authentication challenges
Summary: Redirects should be issued prior to authentication challenges
Product: Tomcat 4
Version: 4.0.6 Final
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: Keith@Apache.org
4.0.6 exhibits this wrong behavior:
GET /foo -> 401
GET /foo with auth -> 301 to /foo/
GET /foo/ with auth -> 200
GET /bar with auth .. (browser will send auth to other realms!)
It should exhibit this correct behavior (as Apache does):
GET /foo -> 301 to /foo/
GET /foo/ -> 401
GET /foo/ with auth -> 200
GET /bar WITHOUT auth
Otherwise, browsers will cache and send auth information for the
entire domain and not just a protected directory.
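An added illustration, not part of the original report and not Tomcat code: a small Python model of a client that scopes cached credentials by the RFC 2617 section 2 rule for Basic authentication (all paths at or below the directory of the challenged URL share the protection space), run against the two response orders listed in the report. The `Browser` class, the two server functions and the /foo and /bar layout are constructed for this sketch, Basic authentication is assumed, and real browsers' caching heuristics vary.

```python
PROTECTED = "/foo/"  # constructed layout: /foo/ is protected, /bar is public


def scope_prefix(path):
    """Directory of the challenged URL; RFC 2617 s.2 treats it as the realm's scope."""
    return path[: path.rfind("/") + 1]


class Browser:
    def __init__(self):
        self.scopes = set()  # path prefixes that receive credentials preemptively

    def sends_auth(self, path):
        return any(path.startswith(prefix) for prefix in self.scopes)

    def get(self, server, path, max_hops=5):
        """Fetch path, answering 401s and following 301s; return (path, authed, status) hops."""
        trace = []
        for _ in range(max_hops):
            authed = self.sends_auth(path)
            status, location = server(path, authed)
            trace.append((path, authed, status))
            if status == 401 and not authed:
                self.scopes.add(scope_prefix(path))  # user logs in; retry same URL
            elif status == 301:
                path = location
            else:
                break
        return trace


def challenge_first(path, authed):
    """Order the report describes for 4.0.6: 401 before the trailing-slash redirect."""
    if path == "/foo" or path.startswith(PROTECTED):
        if not authed:
            return 401, None
        if path == "/foo":
            return 301, "/foo/"
    return 200, None


def redirect_first(path, authed):
    """Order the report asks for: trailing-slash redirect before the 401."""
    if path == "/foo":
        return 301, "/foo/"
    if path.startswith(PROTECTED) and not authed:
        return 401, None
    return 200, None


def leaks_to_bar(server):
    """True if, after visiting /foo, the client would attach credentials to /bar."""
    browser = Browser()
    browser.get(server, "/foo")
    return browser.sends_auth("/bar")
```

With the challenge issued at /foo the inferred scope is "/", so /bar receives the credentials; with the challenge issued at /foo/ the scope is "/foo/" and /bar does not.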