Return 401 on expired/missing session?

Takeshi NISHIMURA takeshi at
Thu Aug 2 12:20:24 EDT 2018

No, it is 2.2 on CentOS 6.

Furthermore, on 2.4, customizing that page using access="accessError.html" in <Errors> seems to be broken.
It is not a regression on SP 3.0 as 2.6.1 behaves identically.


> 2018/08/02 22:15, Cantor, Scott <cantor.2 at> wrote:
>> On CentOS 7 (Apache httpd 2.4) I always see "401 Unauthorized" instead of
>> 403.
>> CentOS 6 returns 403 for sure.
> Is 6 running 2.4 also? I don't remember. Any inconsistency here is probably something Apache is doing, possibly some other layer steps in because of the 2.4 addition of stacking auth modules. The module just informs Apache of a require outcome, it doesn't actually control the response. The cases where an actual code come from the SP are the handlers (e.g. denying access to the status handler).
> -- Scott

More information about the users mailing list