HTTP defines the status 401 Unauthorized for missing authentication, but this status only applies to HTTP authentication. What status should I return with a session cookie based system, when an unauthorized request happens?
You can make use of a test condition and pass on the
Error code: 401.1-Logon failed. The logon attempt is unsuccessful, probably because of a user name or password that is not valid.
Which is specifically used for the incorrect password or mismatched user name and password. Hope this helps you.
403 I believe is technically correct (and probably most effective if you are implementing a custom API / protocol).
401 is not appropriate as it refers to authorization with a WWW-Authenticate header, which a session cookie is not.
If this is a public facing website where you are trying to deny access based on a session cookie, 200 with an appropriate body to indicate that log in is needed or a 302 temporary redirect to a log in page is often best.
Formally, 403 Forbidden is the right response. It's defined as
The confusing part may be "Authorization will not help", but they really mean "HTTP authentication" (WWW-Authenticate).
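The two preceding answers together describe a decision rule for a cookie-session site: respond 403 (not 401, since there is no WWW-Authenticate challenge to send) to API clients, and send browser navigations to the login page with a 302. The handler below is an added example, not code from the question or any answer; the cookie name, the session store and the login URL are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import quote

SESSION_COOKIE = "sid"                  # assumed cookie name
VALID_SESSIONS = {"abc123": "alice"}    # constructed stand-in for a server-side session store
LOGIN_URL = "/login"                    # assumed login page


def session_user(headers):
    """Return the user bound to a valid session cookie, or None if absent/unknown."""
    cookie = SimpleCookie(headers.get("Cookie", ""))
    morsel = cookie.get(SESSION_COOKIE)
    return VALID_SESSIONS.get(morsel.value) if morsel else None


def handle(path, headers):
    """Return (status, response_headers, body) for a protected resource."""
    user = session_user(headers)
    if user is not None:
        return 200, {"Content-Type": "text/plain"}, f"hello {user}"

    # Browser navigation (Accept includes text/html): redirect to the login
    # page, carrying the requested path so the user can be sent back after login.
    if "text/html" in headers.get("Accept", ""):
        return 302, {"Location": f"{LOGIN_URL}?next={quote(path)}"}, ""

    # API client: 403 is the formally correct answer, because a cookie session
    # is not HTTP authentication and a 401 would require a WWW-Authenticate
    # challenge that the server cannot meaningfully supply.
    return 403, {"Content-Type": "application/json"}, '{"error": "login required"}'


if __name__ == "__main__":
    print(handle("/account", {"Accept": "text/html"}))
    print(handle("/api/me", {"Cookie": "sid=bogus", "Accept": "application/json"}))
```

An expired or forged cookie is treated exactly like a missing one, so the client learns nothing about which case it hit.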