So an Authen Handler can return a REDIRECT?
I use a 403 custom repsonse which is a self submitting
page (with non javascript handling)... By doing so it
prevent's any of the authentication pages appearing in
IE's back button on the browser...
Marty
--- Perrin Harkins <[EMAIL PROTECTED]> wrote:
> On Thu, 2005-11-10 at 16:20 +0000, John ORourke
> wrote:
> > You can avoid some redirection by having a
> non-HTTPS form which submits
> > to the HTTPS login page (although users might
> worry, no padlock icon).
> > Otherwise it's perfectly reasonable to redirect to
> a secure login. On
> > successful login simple 403 the user back to the
> page they wanted.
> > That's just one 403 per request.
>
> 403 means "Forbidden," not "Redirect."
>
> - Perrin
>
>
>
___________________________________________________________
To help you stay safe and secure online, we've developed the all new Yahoo!
Security Centre. http://uk.security.yahoo.com
