Return 401 on expired/missing session?
peter.schober at univie.ac.at
Fri Aug 3 07:15:23 EDT 2018
* Takeshi NISHIMURA <takeshi at nii.ac.jp> [2018-08-02 10:56]:
> On 2018/04/10 4:38, Cantor, Scott wrote:
> > > then accesses the /api just fine, once the shib session expires
> > > the XHRs to /api will get HTTP 401 from the server.
> > I think the SP itself is just returning 403s on require failures.
> On CentOS 7 (Apache httpd 2.4) I always see "401 Unauthorized"
> instead of 403.
For the record, the 401 I got was on Debian stable, so httpd 2.4, too.
Since it was what I (or rather the devloper) expected it's all good.
More information about the users