Quote from the HTTP specification for the 401 Unauthorised response (rfc2616 10.4.2):
"The response MUST include a WWW-Authenticate header field."
We rarely (if ever) do this, now.
~Grauw
Log in to post a comment.
