Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
Form Based Authentication 1.0.10
-
None
Description
Add a config option to the form authentication handler to prefer sending the reason_code as a request parameter instead of the reason text when redirecting to the login page.
Sending the reason code as a request parameter should be safer, especially if your custom login page was echoing the reason text to the screen. The custom login page script can then calculate the reason text to show in the UI by matching the reason codes against the well-known failure reason codes and fallback to some default reason text for anything invalid.