My fault guys, not looking up the numbers - Martin is your admin complaining about too many FORBIDDENs or REDIRECTs?

The only thing I can add is that I'd recommend not using the authentication pages/handler to redirect - make yourself an Access phase (eg. "if no valid cookie, redirect to HTTPS login page with appropriate parameters").

John


Perrin Harkins wrote:
On Thu, 2005-11-10 at 17:19 +0000, Martin Moss wrote:
  
So an Authen Handler can return a REDIRECT?

I use a 403 custom repsonse which is a self submitting
page (with non _javascript_ handling)... By doing so it
prevent's any of the authentication pages appearing in
IE's back button on the browser...
    

Reply via email to