{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 我命由我不由天 的问题《What status code should I use when session token i》','https://www.manongdao.com/q-612811.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
When creating a web service (RESTful), what status code should I use when session token is invalid? Currently the one in my company sends me a 404, not found, but I think this is not correct, because the resource exists. Maybe I should use 401 Unauthorized. What do you think? What status code do you recommend me to use in this scenario? Thanks.
相关问题
- Angular RxJS mergeMap types
- Design RESTful service with multiple ids
- Axios OPTIONS instead of POST Request. Express Res
- Plain (non-HTML) error pages in REST api
- Google Apps Script: testing doPost() with cURL
相关文章
- C#使用http访问网络,有办法用指定网卡访问网络嘛?
- Using JAX-WS 2.2.5 client with JDK/JRE 1.5
- Is a unicode user agent legal inside an HTTP heade
- Securing REST endpoint using spring security
- Cannot use org.jvnet.jax-ws-commons.jaxws-maven-pl
- Got ActiveRecord::AssociationTypeMismatch on model
- Multiple parameters in AngularJS $resource GET
- git: retry if http request failed
401 Unauthorized.
Your existing session token doesn't authorize you any more, so you are unauthorized.
Don't forget that a session token is just a short-cut to avoid having to provide credentials for every request.
Sending 404 is incorrect because, as you observe, the resource does exist. You just don't currently have authorization to see it.
NB Don't use 403 Forbidden; the HTTP specification defines it as follows: "The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated." That doesn't apply in this case as authorization WILL help.
Looking through the
HttpStatusCodeenum, I thinkUnauthorizedis probably the closest to what you're looking for.Take a look at the list there, and read the descriptions for each one.