Priority: Normal
Current State: Closed
Released In:
Target Release:
Applies To: Engine
Component:
Branches:
When the login is validated and the user/password is wrong, we return a 200 + the form -> changing to 403 + form
I don't understand this report. I have an out of the box install, without your patch. I try to access a protected resource, and am redirected (401) to the login screen. I enter bad details, and am again given a 401.
Can you please explain the circumstances under which you see a 200?
BTW I don't see anything wrong with your checkin per se, I just need to understand why you think it is required.
-- CrawfordCurrie - 30 Jan 2009
First of all, I am using FormPlugin. In this case, it redirects before Foswiki does so. So when the response type is not set at the place it's evaluated and later, when the plugin handlers are called, the page gets redirected, you would not get the correct status...
It's just a general thing. If we check for login data and they are not valid and all we want is to show the login page, we should actually delete the POST data out of the query maybe, set the status that the login request was a failure (no matter what plugins do then). The thing with removing the POST data can actually harm current plugins, but the status will not.
So all in all, my description is wrong. It should include that this happens when plugins make a redirect after the user/password test.
--Main.EugenMayer
This change was reverted as 4xx is only for browser authentication, not for HTML authentication.
See Tasks:Item1029
-- SvenDowideit - 30 Apr 2010