Hi all,
I have what is mainly an IE6 problem, but Tomcat is contributing by serving up 304s to requests whose authentication (FORM or BASIC) has expired. This seems to me to be in violation of the HTTP/1.1 spec:
"If the client has performed a conditional GET request /and access is allowed/, but the document has not been modified, the server SHOULD respond with this status code."
Specifically, the problem is arising because Tomcat is serving a 304 for the *page*, but 403s for the page's linked stylesheet & javascript files (in a separate webapp but under the same access control, & single-signon turned on), which causes ugliness. This is almost certainly IE's fault, for issuing different sorts of GETs, but Tomcat *still* (IMHO) shouldn't be doing *anything* with an unauthenticated request for a protected resource other than trying to authenticate the user.
B*g, or user error? Comments appreciated,
alex.
-- ___________________________________________________________________ | Alexander Dosher...Proletarian Intellectual, American Art Fascism | | S.J. Earthquakes...Chelsea FC...Ukraine...Neue Slowenische Kunst | | | | "There was port later." - Arthur Machen, _The Bright Boy_ | |___________________________________________________________________|
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
