发表新帖
发表新帖

What is correct HTTP status code when redirecting to a login page?

前端 未结
关注
3 2079
温柔的废话
温柔的废话 2020-11-29 18:12

When a user is not logged in and tries to access a page that requires login, what is the correct HTTP status code for a redirect to the login page?

I am asking becau

3条回答
  • 感情败类
    感情败类 (楼主)
    2020-11-29 18:47

    I think the appropriate solution is the HTTP 401 (Not Authorized) header.

    http://en.wikipedia.org/wiki/HTTP_codes#4xx_Client_Error

    The purpose of this header is exactly this. But, instead of redirecting to a login page, the correct process would be something like:

    • User not logged try to access a login-restricted page.
    • system identifies user is not logged
    • system returns HTTP 401 header, AND display the login form in the same response (not a redirect).

    This is a good practice, like providing a useful 404 page, with sitemap links, and a search form for example.

    See you.

    0 讨论(0)
 看不清?
提交回复
热议问题