From b2bf4eb542bd3176d35ea22470ccaba2af91da5e Mon Sep 17 00:00:00 2001
From: Kevin Chung <kchung@nyu.edu>
Date: Sat, 6 Jun 2020 23:50:55 -0400
Subject: [PATCH] Change expired session token error to be 401

---
 CTFd/utils/user/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CTFd/utils/user/__init__.py b/CTFd/utils/user/__init__.py
index 6746fcd3..352f61ba 100644
--- a/CTFd/utils/user/__init__.py
+++ b/CTFd/utils/user/__init__.py
@@ -24,7 +24,7 @@ def get_current_user():
             if session_hash != hmac(user.password):
                 logout_user()
                 if request.content_type == "application/json":
-                    error = 403
+                    error = 401
                 else:
                     error = redirect(url_for("auth.login", next=request.full_path))
                 abort(error)