This content has been marked as final.
Show 1 reply
-
1. Re: Form based authentication status code always 200 despite failure
dlofthouse Oct 5, 2016 5:45 AM (in response to harish_k_s007)This is the status code as defined within the Servlet specification, this was changed after version 2.3 of the servlet specification.
The reason for this is the 401 status code is a special signal to the browser that it is being challenged to authenticate, the browser then inspects the HTTP headers to decide how it can do that - in the case of a failed FORM authentication that is not appropriate.