That would depend a lot on how you're securing your app. In my particular
case, I don't use sessions to hold security info, but if I did and somebody
requested a resource without having valid auth info in the session, I'd
probably throw an exception. That would make Jersey return a response code
of 500 except that I'd write an ExceptionMapper for it and turn it into a
401, the appropriate response to an unauthenticated request to a secure
resource.
On Tue, Apr 26, 2011 at 12:29 PM, Arthur Yeo <artyyeo_at_gmail.com> wrote:
> All,
> What's the HTTP status code returned to the browser when a session expires
> in Jersey?
> --
> Arthur Y.
>