I didn't mean to start a debate on what should happen. The real point is that a whole lot of web sites are pretty sloppily slapped together, and "deviations from standard" do happen frequently. Posted links also are often "just a little bit deviant."
The intended use for the 403 error is to indicate that the requested page is present, but you're not authorized to see it. It does often pop up when something else is the real problem. The 404 error also has a pretty specific defined use that's often very loosely, and often incorrectly, interpreted.
A couple of sites I visit occasionally give me a "404" when the real cause is a packet collision due to traffic. They've told me the page doesn't exist (wrong) but if I click it again it loads normally.
When you log in, most log-in pages will send you a cookie to show that you've been approved. Recommended practice (by some) is that the site should read-back the cookie to make sure you got it; but many sites don't bother. If your firewall, cookie blocker, etc., blocked the cookie, a site may tell you you've logged in when you didn't actually get your ticket punched. With most "blockers" you have the option whether you get notified when a cookie is blocked, so you may or may not know that this one got bounced.
If you use your "Back" button to exit the log-in page, you may load the prev page from memory instead of reloading from the site. In essence you've done a time warp back to B.C. (before cookie) and if you go from there to a page that requires a log-in you may get bounced. (Apparently a common "my login didn't work" happening on the 'cat?)
HTML pages can specify a character set, but many don't. While there is, nominally, a default char set if they don't specify one, there are many variations in what actually happens with an open char set. ANY character that isn't specifically included in the char set that the site is using can be read as a "wild card" and may be interpreted as code, key, etc. "other thing," or may just be ignored. Without seeing the code for a specific page - and the code for anything it calls - it's almost impossible to guess all the errors that can happen.
If it's on the web, you can't assume it's true. But you can interpret and verify (sometimes).