Return 401 on expired/missing session?

Cantor, Scott cantor.2 at
Thu Aug 2 09:15:01 EDT 2018

> On CentOS 7 (Apache httpd 2.4) I always see "401 Unauthorized" instead of
> 403.
> CentOS 6 returns 403 for sure.

Is 6 running 2.4 also? I don't remember. Any inconsistency here is probably something Apache is doing, possibly some other layer steps in because of the 2.4 addition of stacking auth modules. The module just informs Apache of a require outcome, it doesn't actually control the response. The cases where an actual code come from the SP are the handlers (e.g. denying access to the status handler).

-- Scott

More information about the users mailing list