lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Wed, Oct 6, 2010 at 1:06 PM, Fabio Mascarenhas <mascarenhas@acm.org> wrote:
>> 403? As in "don't even try, I'm not going to give it to you"
>
> I think this would be a good response to a forged authentication
> token, but is certainly undesirable if the token has just expired. :-)

- 403 is also an appropriate response to a valid token when trying to
access something beyond it's authorization (think normal users trying
to go to an admin-only page)

- an expired toke should (imho) be equivalent to no token at all.

-- 
Javier