Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Shipped
Workspace Domino
Created by Guest
Created on Jul 16, 2018

Let Domino answer with Status 401 when Login Form gets showed

When you don't have a valid authenticated session, the domino server automatically responds with the login form.

The HTTP Status Code of this response however is "200 - OK".

For consuming client code (e.g. in case of using Domino as a REST backend) this means interpreting every response body and checking for a login form, just to know if you're still logged in. This could be made so much easier if Domino would answer with Status Code 401, which is an error code and gets handled as such by most client frameworks.

 

Christian Kahlau, sirius-net GmbH

  • Attach files
  • Guest
    Reply
    |
    Jul 23, 2018

     Ah, you are correct that 401 is unauthorized, a different header says the style of login desired, basic, negotiate, etc.  I over simplified this.

     

    Currently we have this notes.ini that will respond with a 401 when we produce the login form.  Making it the default or altering it to only work for redirections is an enhancement we can consider.

     

               -Mike

  • Guest
    Reply
    |
    Jul 23, 2018

    This, imho, is not correct.

    The 401 response is not meant to say anything about "Basic" authentication or any other authentication method. It just tells you "You're not authenticated".

    And no - the browser does not request the login form in most of all cases - it requests a resource that could not be delivered because of missing authentication, and therefore it get's "redirected" to the login form. Which is not the expected behaviour and so it is an error and must be flagged by an error status code.

    I would agree that when you request "/names.nsf?Login" there must not be a 401 response. But in any other case it is a MUST!

     

    - Christian (OP)

  • Guest
    Reply
    |
    Jul 19, 2018

    The 401 response code is meant to indicate to the browser that we want to initiate basic authentication.  That's not what we're doing here.  In this case, a browser has requested a form, we successfully found the form and responded with a '200 OK'.

     

    The 200 code is really the correct response.  The notes.ini will override it however.

     

                 -Mike

  • Guest
    Reply
    |
    Jul 18, 2018

    @Mike: Thanks for sharing this information.

    But ... my point of view is: a web server should answer with the correct status code with no special configuration settings.

    And ... I am not the submitter of this idea.

  • Guest
    Reply
    |
    Jul 16, 2018

    SPR MKINAPTR77 introduced a new notes.ini in 901FP10.

     

    DOMINO_FORCE401_WITH_HTML_LOGIN_PAGE

                -Mike