well, i configured a servlet filter that intercepts all url request if there is session associated with it. If not, they are redirected to the login page. For non-xmlhttprequest, this works fine. But when I issue an ajax request, i cannot get hold of the 302 http response. The browser is handling it for me, and what i get is an xhr status of 200. Is my observation, correct?