Re: [fw-auth] HTTP response code when not logged in

 

On Fri, Mar 19, 2010 at 7:46 AM, Matthew Weier O'Phinney <matthew@zend.com> wrote:

I've used a 401 error code quite a number of times, and consider it
perfectly valid. While the spec indicates the WWW-Authenticate header is
required, I have yet to see a browser that acts on it, nor can I think
of any apps off hand that actually use it; I certainly haven't seen any
negative side-effects from not supplying it.

So, based on that anecdotal evidence... I'd go ahead and use it.

On Fri, Mar 19, 2010 at 1:16 AM, Marian Meres <marian.meres@gmail.com> wrote:
Thing is, the app I'm working on does not redirect, but internally
_forwards to login controller. It could be refactored, no question,
but would that be the only option?

Thanks.
M.

I don't think a refactor is necessary. Like Matthew said, just throw the 401. The spec is most applicable to working with an HTTP client like curl that anticipates the Auth dialog so that it can respond with credentials.

- pw