Friday, March 19, 2010

Re: [fw-auth] HTTP response code when not logged in

Do capture the request uri, do a 301 redirect to the login page, authenticate, and redirect back to the request uri.

A 401 is used to present an HTTP Auth dialog.  It's more useful for REST APIs and the like that have login credentials sent with the request.

- pw

On Fri, Mar 19, 2010 at 12:45 AM, Marian Meres <marian.meres@gmail.com> wrote:
Hello everyone,

what kind of HTTP response codes would you suggest using when
accessing a page which requires user to be logged in and there is no
current identity present?

Initially I thought about "401 Unauthorized", but the definition says:
"The response MUST include a WWW-Authenticate header field containing
a challenge applicable to the requested resource" where I'm not sure I
know what that means...

I also thought about "403 Forbidden", but again from the definition:
"Authorization will not help and the request SHOULD NOT be repeated"
does not look like a good choice.

Or forget it and stick with good old "200 OK"?

Thanks,
M.
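The flow described in the reply (capture the request URI, redirect to login, redirect back) and the 401 case for APIs, as an added example that is not part of the original thread. `LOGIN_PATH`, the `return` parameter name, the function names and the `Basic realm="api"` challenge are assumptions of this sketch; it issues a temporary 302 rather than the 301 mentioned above because browsers may cache a 301, and it checks the captured URI so the redirect back cannot leave the site.

```python
from urllib.parse import urlsplit, quote, parse_qs

LOGIN_PATH = "/login"  # hypothetical login route


def safe_return_path(target, default="/"):
    """Accept only a same-site absolute path as the post-login destination."""
    # Reject empty values, backslashes (browsers may treat them as '/')
    # and control characters (header injection, parser confusion).
    if not target or "\\" in target or any(ord(c) < 0x20 for c in target):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. an unbalanced '['
        return default
    # A scheme or host means the target points off-site; '//host' is
    # protocol-relative and is caught by the netloc check.
    if parts.scheme or parts.netloc or not target.startswith("/"):
        return default
    return target


def respond_unauthenticated(request_uri, is_api=False):
    """Return (status, headers) for a request that has no identity."""
    if is_api:
        # A 401 must carry a WWW-Authenticate challenge (constructed value).
        return 401, {"WWW-Authenticate": 'Basic realm="api"'}
    # Browser page: remember where the user was going, send them to login.
    encoded = quote(request_uri, safe="")
    return 302, {"Location": f"{LOGIN_PATH}?return={encoded}"}


def respond_after_login(login_url):
    """After successful authentication, go back to the captured URI."""
    query = parse_qs(urlsplit(login_url).query)
    target = query.get("return", [""])[0]
    return 302, {"Location": safe_return_path(target)}


if __name__ == "__main__":
    # Constructed sample requests.
    status, headers = respond_unauthenticated("/reports?id=7")
    print(status, headers)
    print(respond_after_login(headers["Location"]))
    print(respond_after_login("/login?return=https%3A%2F%2Fevil.example%2F"))
    print(respond_unauthenticated("/api/items", is_api=True))
```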

