Return 401 on expired/missing session?
Takeshi NISHIMURA
takeshi at nii.ac.jp
Thu Aug 2 12:20:24 EDT 2018
No, it is 2.2 on CentOS 6.
Furthermore, on 2.4, customizing that page using access="accessError.html" in <Errors> seems to be broken.
It is not a regression on SP 3.0 as 2.6.1 behaves identically.
Takeshi
> 2018/08/02 22:15, Cantor, Scott <cantor.2 at osu.edu> wrote:
>
>> On CentOS 7 (Apache httpd 2.4) I always see "401 Unauthorized" instead of
>> 403.
>>
>> CentOS 6 returns 403 for sure.
>
> Is 6 running 2.4 also? I don't remember. Any inconsistency here is probably something Apache is doing, possibly some other layer steps in because of the 2.4 addition of stacking auth modules. The module just informs Apache of a require outcome, it doesn't actually control the response. The cases where an actual code come from the SP are the handlers (e.g. denying access to the status handler).
>
> -- Scott
More information about the users
mailing list