This might be bad form to complain about this functionality this late in
the game, but conceptually I have a hard time justifying the
two-web-log-hits effect of error response redirects. I.e., when I access
a protected area under a bogus username/password:
fully - asdfsaf [19/Apr/1995:01:03:05 -0700] "GET /Login/ HTTP/1.0" 401 -
fully - asdfsaf [19/Apr/1995:01:03:05 -0700] "GET /401.html" 200 703
The problem is that the second one, when not in the context of the first,
looks like a valid user "asdfsaf" accessed a page under authentication.
I'd have to tell my scripts "no, no, toss out all accesses to 401.html
before doing any user-based analysis".
What do people think?
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/
the game, but conceptually I have a hard time justifying the
two-web-log-hits effect of error response redirects. I.e., when I access
a protected area under a bogus username/password:
fully - asdfsaf [19/Apr/1995:01:03:05 -0700] "GET /Login/ HTTP/1.0" 401 -
fully - asdfsaf [19/Apr/1995:01:03:05 -0700] "GET /401.html" 200 703
The problem is that the second one, when not in the context of the first,
looks like a valid user "asdfsaf" accessed a page under authentication.
I'd have to tell my scripts "no, no, toss out all accesses to 401.html
before doing any user-based analysis".
What do people think?
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/