I have a page that posts something to the server via AJAX. The server-side script returns status code 401 if the user is not logged in or if the user has no right to post. The problem is that the browser prompts the user with a login dialog, and we have no power to suppress that. Is it okay to replace 401 with 500? If not, what appropriate generic or custom code can I use instead?

1 Answer

A similar question was asked on the Webmasters StackExchange. 401 is used for HTTP authentication, 407 is used for proxy authentication, and both are different from what you are using, which is form-based authentication. You could certainly return 500 - Internal Server Error when the user is not logged in; however, the post I mentioned recommends using 403 - Forbidden. A list of HTTP status codes and their meanings can be found here.

4 Comments

401: "The server understood the request, but is refusing to fulfill it. Authorization will not help and... " It says authorization will not help, what does it mean?
It seems like 403 means that whoever the user is, the resource is still forbidden, is that correct?
He states about 'Authorization will not help', that "this should.. be understood.. as referring to.. protocol level authorization mechanisms" aka HTTP authentication. In other words, HTTP authorization will not help, but some other type of authorization such as form-based could. Even though it states that the request SHOULD NOT be repeated, that does not mean a new and different request for re-authorization can't be done.
So there are types of authentication... Thanks!
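
Added example (not part of the question, answer or comments above): one way to apply the answer's 403 recommendation with form/session-based login, returning a JSON reason so the page script can tell "not logged in" from "not allowed to post". The session store, the `sid` cookie name and the `error` values are assumptions made for illustration.

```javascript
// Constructed sample session store (assumption; a real app would use its own).
const SESSIONS = new Map([
  ['s-alice', { user: 'alice', canPost: true }],
  ['s-bob', { user: 'bob', canPost: false }],
]);

// Look up the session named by the (hypothetical) "sid" cookie,
// e.g. from a header such as "theme=dark; sid=s-alice".
function sessionFromCookie(cookieHeader = '') {
  for (const part of cookieHeader.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'sid') return SESSIONS.get(rest.join('=')) || null;
  }
  return null;
}

// Server side: decide the response for the AJAX POST.
// Both refusals use 403 rather than 401, so the browser does not open its
// own login dialog; the JSON body tells the script which case it is.
function decidePost(cookieHeader) {
  const session = sessionFromCookie(cookieHeader);
  if (!session) return { status: 403, body: { error: 'login_required' } };
  if (!session.canPost) return { status: 403, body: { error: 'not_permitted' } };
  return { status: 200, body: { ok: true, user: session.user } };
}

// Node-style handler, usable as http.createServer(handlePost).
function handlePost(req, res) {
  const { status, body } = decidePost(req.headers.cookie);
  res.writeHead(status, { 'Content-Type': 'application/json', 'Cache-Control': 'no-store' });
  res.end(JSON.stringify(body));
}

// Client side: map the AJAX response to what the page should do next.
function nextAction(status, body) {
  if (status === 200) return 'show_success';
  if (status === 403 && body && body.error === 'login_required') return 'show_login_form';
  if (status === 403) return 'show_permission_message';
  return 'show_generic_error';
}
```

On the client, call `nextAction(response.status, await response.json())` after the request and show the site's own login form when it returns `show_login_form`.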
