Christopher Schultz wrote:
Also, you could set the error page that is used when a user doesn't have the proper credentials to something that gives you the opportunity to re-login in order to access the forbidden resource. When you want to log someone out of BASIC authentication, you have to send a blank "WWW-Authenticate" header to the client, just the same way that Tomcat would do if you weren't already authenticated.
Is there a way to tell Tomcat to send a blank "WWW-Authenticate" header to the client when authorization fails? I would like to not use FORM authentication. thanks for any help --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
