P
Peter Hurford
If I'm on a page a.htm (say), which allows anonymous access, and
there's a bog-standard html anchor on the page, with href b.htm (say),
which requires authenticated access, my understanding is that the
following happens:
- on a.htm, user clicks on b.htm link
- browser requests b.htm anonymously
- server refuses page based on access denied (401 response)
- browsed automatically resubmits request having obtained credentials
for user
- assuming credentials ok, server serves b.htm
Now, my question is.... If instead of <a href='b.htm'>....</a>, I have
some javascript which gets fired when something is clicked, and which
says "document.location = 'b.htm';", would I expect the behaviour to
be any different?
It is kind of a leading question since I am looking at a bunch of web
server logs and one page in particular (loaded by javascript) looks
suspicious and is generating a lot of Access Denied errors on the
server (although by no means every time the page is requested). I
should probably add that the users in question are submitting
perfectly good credentials.
Just wondering if, after receiving the 401 response, the js function
will just "give up"?
Anyone know anything?
there's a bog-standard html anchor on the page, with href b.htm (say),
which requires authenticated access, my understanding is that the
following happens:
- on a.htm, user clicks on b.htm link
- browser requests b.htm anonymously
- server refuses page based on access denied (401 response)
- browsed automatically resubmits request having obtained credentials
for user
- assuming credentials ok, server serves b.htm
Now, my question is.... If instead of <a href='b.htm'>....</a>, I have
some javascript which gets fired when something is clicked, and which
says "document.location = 'b.htm';", would I expect the behaviour to
be any different?
It is kind of a leading question since I am looking at a bunch of web
server logs and one page in particular (loaded by javascript) looks
suspicious and is generating a lot of Access Denied errors on the
server (although by no means every time the page is requested). I
should probably add that the users in question are submitting
perfectly good credentials.
Just wondering if, after receiving the 401 response, the js function
will just "give up"?
Anyone know anything?