[LON-CAPA-admin] Error - Request forbidden

Guy Albertelli II guy at albertelli.com
Sat Mar 25 14:41:48 EST 2006


Hi Mark,

> Thanks - this is really good to know. I'll ask the student. In the 
> meantime, I have checked the logs and actually see the 403 response 
> heading out from the machine (at least I think that's the interpretation).

Yep, this is how lon-capa (and other web apps) work.

When a user accesses a page that they aren't allowed to see, we send out an
HTTP error code of 403, and then send an error page, which is the login
screen.

In the grand majority of the cases, the web browser displays the error
page we sent (which once again is just the login screen).

The user fills in the fields and hits submit; this time we
authenticate the user and send back a 200 and the page they wanted.

This is how most web apps that want authenticated use work (otherwise
we'd have to go off the browser's internal authentication mechanism,
which is that little popup window which has numerous drawbacks).


Now since this is not an uncommon mechanism for web apps to work, some
malware tries to intercept these login screen requests and replace them
with their own annoying mechanism to hijack the browser.

In fact, we got enough of these complaints from students that it's FAQ #2 on
our FAQ for students page:
http://loncapa.msu.edu/student/faq.html

-- 
guy at albertelli.com   0-7-1-8-27,137
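
The flow described in the message above, as an added example (not LON-CAPA code and not part of the original message): a minimal WSGI app that answers an unauthenticated request with status 403 and a login form as the body, then 200 and the requested page after a successful login. The user table, form field names, cookie name and the request() helper are assumptions made for illustration.

```python
# Added example: the 403-plus-login-page flow as a minimal WSGI app.
import hmac, io, secrets
from urllib.parse import parse_qs

USERS = {"student": "correct-horse"}   # constructed credentials
SESSIONS = set()                        # session tokens issued so far (in memory)

# Form field names (uname/upass) are illustrative assumptions.
LOGIN_FORM = (b"<form method='post'>User <input name='uname'> "
              b"Password <input type='password' name='upass'> "
              b"<input type='submit'></form>")

def session_from(environ):
    """Return the session token from the Cookie header if it is one we issued."""
    for part in environ.get("HTTP_COOKIE", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid" and value in SESSIONS:
            return value
    return None

def app(environ, start_response):
    headers = [("Content-Type", "text/html")]
    if session_from(environ) is None and environ["REQUEST_METHOD"] == "POST":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode())
        user = form.get("uname", [""])[0]
        given = form.get("upass", [""])[0]
        expected = USERS.get(user)
        if expected is not None and hmac.compare_digest(given.encode(), expected.encode()):
            sid = secrets.token_urlsafe(16)
            SESSIONS.add(sid)
            headers.append(("Set-Cookie", f"sid={sid}; HttpOnly"))
            start_response("200 OK", headers)
            return [b"protected page: " + environ["PATH_INFO"].encode()]
    elif session_from(environ):
        start_response("200 OK", headers)
        return [b"protected page: " + environ["PATH_INFO"].encode()]
    # Not allowed: the status is 403, but the body is the login screen.
    start_response("403 Forbidden", headers)
    return [LOGIN_FORM]

def request(method, path, body=b"", cookie=""):
    """Drive the app in-process; returns (status, headers dict, body)."""
    seen = {}
    env = {"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_COOKIE": cookie,
           "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    out = app(env, lambda s, h: seen.update(status=s, headers=dict(h)))
    return seen["status"], seen["headers"], b"".join(out)
```

A 403 line in the access log followed by a 200 for the same URL is therefore the normal login sequence, not a sign of a server-side fault.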


