P
Peter Judge
Guest
Do you want to know internally or do you want to tell the client that it's401/Expired instead of 401/Locked ? For the former you could just write to a log , but I'm not sure the latter is possible or desirable, since you don't really want to tell a client that the user does exist (which is what 'expired' would do, along with the fact that that the password passed in was correct).
Continue reading...
Continue reading...