Posted by Umberto Salsi on 10/02/05 21:44
"R. Rajesh Jeba Anbiah" <ng4rrjanbiah@rediffmail.com> wrote:
> Is it necessary or is there any standard to send HTTP header status
> for form inputs ? Say, the user is entering invalid password in login
> form and now all the applications I have seen are just displaying error
> messages above the form (with HTTP status 200); is it necessary to send
> 401 status in this case?
If you are using the HTTP basic or digest authentication (RFC 2616,
2617) 401 is the correct status code if the authentication failed.
If you are using an application based authentication, you should always
return a 200 status code and a page with a human readable description of
the problem ("Invalid login, please retry. Forgot your password? Click
here!" etc. etc.).
Regards,
___
/_|_\ Umberto Salsi
\/_\/ www.icosaedro.it
[Back to original message]
|