Return 401 on expired/missing session?
Cantor, Scott
cantor.2 at osu.edu
Thu Aug 2 09:15:01 EDT 2018
> On CentOS 7 (Apache httpd 2.4) I always see "401 Unauthorized" instead of
> 403.
>
> CentOS 6 returns 403 for sure.
Is 6 running 2.4 also? I don't remember. Any inconsistency here is probably something Apache is doing, possibly some other layer steps in because of the 2.4 addition of stacking auth modules. The module just informs Apache of a require outcome, it doesn't actually control the response. The cases where an actual code come from the SP are the handlers (e.g. denying access to the status handler).
-- Scott
More information about the users
mailing list