Dan Bezdek wrote: > There is no standard way of indicating login success.
The same is true for authentication failure, actually. I have seen webservices (from SAP) returning an HTML (yuck!) form to the webservice client to inform them that their password has expired... > The server application writer can do whatever they like. Well... HTTP defines status codes 401 Unauthorized and 403 forbidden to signal failed authentication. Both of them may contain a response entity e.g. HTML form. So applications that on authentication failure return status 200 and an error message are misbehaving in terms of the HTTP protocol. Unfortunately this is common practice (even with webservices). Ortwin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
