You are here: Foswiki>Tasks Web>Item899 (30 Apr 2010, SvenDowideit)Edit Attach

Item899: when the login is validated and it user/password is wrong, we return a 200 + the form -> changin to 403 + form

pencil
Priority: Normal
Current State: Closed
Released In:
Target Release:
Applies To: Engine
Component:
Branches:
Reported By: EugenMayer
Waiting For:
Last Change By: SvenDowideit
when the login is validated and it user/password is wrong, we return a 200 + the form -> changin to 403 + form
I don't understand this report. I have an out of the box install, without your patch. I try to access a protected resource, and am redirected (401) to the login screen. I enter bad details, and am again given a 401.

Can you please explain the circumstances under which you see a 200?

BTW I don't see anything wrong with your checkin per se, I just needd to understand why you think it is required.

-- CrawfordCurrie - 30 Jan 2009

First of all, iam using FormPlugin. In this case, it redirects before Foswiki does so. So when the response type is not set at the place its evaluated and later, when the plugin handlers are called, the page gets redirected, you would not get the correct status...

Its just a general thing. If we check for login data and they are not valid and all we want is to show the login page, we should actually delete the POST data out of the query maybe, set the status that the login request was a failure ( not matter what plugins do then ). The thing with removing the post data can actually harm current plugins, but the status will not.

So all in one, my description is wrong. Should include that this happens when plugins make a redirect after the user/password test.

--Main.EugenMayer

this change was reverted as 4xx is only for browser authentication, not for html authentication.

see Tasks:Item1029

-- SvenDowideit - 30 Apr 2010

ItemTemplate edit

Summary when the login is validated and it user/password is wrong, we return a 200 + the form -> changin to 403 + form
ReportedBy EugenMayer
Codebase 1.0.0, trunk
SVN Range Foswiki-1.0.0, Thu, 08 Jan 2009, build 1878
AppliesTo Engine
Component
Priority Normal
CurrentState Closed
WaitingFor
Checkins distro:9d14cf33f176
ReleasedIn
Topic revision: r7 - 30 Apr 2010, SvenDowideit
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy