Return 401 on expired/missing session?

Takeshi NISHIMURA takeshi at
Thu Aug 2 04:56:09 EDT 2018

On 2018/04/10 4:38, Cantor, Scott wrote:
>> then accesses the /api just fine, once the shib session expires the XHRs to
>> /api will get HTTP 401 from the server.
> I think the SP itself is just returning 403s on require failures.

On CentOS 7 (Apache httpd 2.4) I always see "401 Unauthorized" instead of 403.

CentOS 6 returns 403 for sure.


More information about the users mailing list