_forwards to login controller. It could be refactored, no question,
but would that be the only option?
Thanks.
M.
On Fri, Mar 19, 2010 at 8:51 AM, Peter Warnock <petewarnock@gmail.com> wrote:
> Do capture the request uri, do a 301 redirect to the login page,
> authenticate, and redirect back to the request uri.
>
> A 401 is used to present an HTTP Auth dialog. It's more useful for REST
> APIs and the like that have login credentials sent with the request.
>
> - pw
>
> On Fri, Mar 19, 2010 at 12:45 AM, Marian Meres <marian.meres@gmail.com>
> wrote:
>>
>> Hello everyone,
>>
>> what kind of HTTP response codes would you suggest using when
>> accessing a page which requires user to be logged in and there is no
>> current identity present?
>>
>> Initially I thought about "401 Unauthorized", but the definition says:
>> "The response MUST include a WWW-Authenticate header field containing
>> a challenge applicable to the requested resource" where I'm not sure I
>> know what that means...
>>
>> I also thought about "403 Forbidden", but again from the definition:
>> "Authorization will not help and the request SHOULD NOT be repeated"
>> does not look like a good choice.
>>
>> Or forget it and stick with good old "200 OK"?
>>
>> Thanks,
>> M.
>>
>
>
没有评论:
发表评论