what kind of HTTP response codes would you suggest using when
accessing a page which requires user to be logged in and there is no
current identity present?
Initially I thought about "401 Unauthorized", but the definition says:
"The response MUST include a WWW-Authenticate header field containing
a challenge applicable to the requested resource" where I'm not sure I
know what that means...
I also thought about "403 Forbidden", but again from the definition:
"Authorization will not help and the request SHOULD NOT be repeated"
does not look like a good choice.
Or forget it and stick with good old "200 OK"?
Thanks,
M.
没有评论:
发表评论