DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14616>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14616 Redirects should be issued prior to authentication challenges Summary: Redirects should be issued prior to authentication challenges Product: Tomcat 4 Version: 4.0.6 Final Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] 4.0.6 exhibits this wrong behavior: GET /foo -> 401 GET /foo with auth -> 301 to /foo/ GET /foo/ with auth -> 200 GET /bar with auth .. (browser will send auth to other realms!) It should exhibit this correct behavior (as Apache does): GET /foo -> 301 to /foo/ GET /foo/ -> 401 GET /foo/ with auth -> 200 GET /bar WITHOUT auth Otherwise, browsers will cache and send auth information for the entire domain and not just a protected directory. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
