<p><divclass="noteclassic">When a user access a Handler without a cookie, he is redirected on portal, and the target <abbrtitle="Uniform Resource Locator">URL</abbr> is encoded in redirection <abbrtitle="Uniform Resource Locator">URL</abbr> (to redirect user after authentication process).
To encode the redirection <abbrtitle="Uniform Resource Locator">URL</abbr>, the handler will use some Apache environment variables and also configuration settings:
<liclass="level1"><divclass="li"><strong>HTTPS</strong>: use https as protocol</div>
</li>
<liclass="level1"><divclass="li"><strong>Port</strong>: port of the application (by default, 80 for http, 443 for https)</div>
</li>
</ul>
<p>
These parameters can be configured in Manager, in <code>General Parameters</code>><code>Advanced parameters</code>><code>Handler redirections</code>.
<p><divclass="notetip">These settings can be overriden per virtual host, see <ahref="../../documentation/1.9/configvhost.html"class="wikilink1"title="documentation:1.9:configvhost">virtual host management</a>.
It is also possible to redirect the user without using <code>ErrorDocument</code>: the Handler will not return 403, 500, 503 code, but code 302 (REDIRECT).
The user will be redirected on portal <abbrtitle="Uniform Resource Locator">URL</abbr> with error in the <code>lmError</code><abbrtitle="Uniform Resource Locator">URL</abbr> parameter.
These parameters can be configured in Manager, in <code>General Parameters</code>><code>Advanced parameters</code>><code>Handler redirections</code>:
</p>
<ul>
<liclass="level1"><divclass="li"><strong>Redirect on forbidden</strong>: use 302 instead 403</div>
<p><divclass="noteclassic">If a user is redirected from handler to portal for authentication and once he is authenticated, portal redirects him to the redirection <abbrtitle="Uniform Resource Locator">URL</abbr>.
The redirection from portal can be done either with code 303 (See Other), or with a JavaScript redirection.
</p>
<p>
Often the redirection takes some time because it is user's first access to the protected app, so a new app session has to be created : JavaScript redirection improves user experience by informing that authentication is performed, and by preventing from clicking again on the button because it is too slow.