I am writing a small website. There is PHP session based authorization. What HTTP response code should I send, if a user doesn’t have access to a certain page?
Is 412 Precondition Failed a good idea? I think 401 Unauthorized is good only for HTTP authorization. 400 Bad Request and 403 Forbidden look too general.
403 Forbidden means “the name/password you gave is invalid for this URL” – that’s what you want.
401 Unauthorized means “give me name and password”.
412 Precondition Failed is something completely different (related to conditional requests; see the RFC).
400 Bad Request means “huh? what are you talking about?” (request is malformed and server doesn’t know what to do with it).

See also: RFC 2616 – HTTP 1.1
Note: If you want to show your own “you are not allowed to do this” page, make sure that it’s over 512 bytes, else IE will show its own, so-called friendly error message instead (see e.g. this and this).
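The answer above in code, as an added example that is not part of the original answer: a PHP session check that sends the 403 Forbidden recommended there to a logged-in user who lacks access, with a custom error body padded past the 512-byte threshold the note mentions. The session layout (`$_SESSION['user']`, `$_SESSION['roles']`), the required role `'admin'` and the login page path `/login.php` are assumptions made for the example; a visitor with no session at all is sent to the login form here, since the answer reserves 401 for HTTP authentication prompts.

```php
<?php
// Added example, not code from the original answer. Assumptions (hypothetical):
// $_SESSION['user'] holds the logged-in user name, $_SESSION['roles'] an array
// of role strings, this page requires the 'admin' role, and the login form
// lives at /login.php.
declare(strict_types=1);

session_start();

// True only for a logged-in user who holds the required role.
function user_may_view(array $session, string $requiredRole): bool
{
    return isset($session['user'])
        && in_array($requiredRole, $session['roles'] ?? [], true);
}

// Builds the "you are not allowed to do this" page. The user name is escaped
// before it is placed in HTML so a session value cannot inject markup.
function forbidden_page(string $user): string
{
    $body = '<!DOCTYPE html><html><head><meta charset="utf-8">'
          . '<title>403 Forbidden</title></head><body>'
          . '<h1>403 Forbidden</h1>'
          . '<p>You are logged in as '
          . htmlspecialchars($user, ENT_QUOTES, 'UTF-8')
          . ', but your account is not allowed to view this page.</p>'
          . '<p><a href="/">Back to the start page</a></p>';
    $close = '</body></html>';

    // IE replaces bodies of 512 bytes or less with its own "friendly" error
    // page, so pad with an HTML comment until the total exceeds 512 bytes.
    $missing = 513 - strlen($body . $close);
    if ($missing > 0) {
        $body .= '<!-- ' . str_repeat('.', $missing) . ' -->';
    }
    return $body . $close;
}

if (!isset($_SESSION['user'])) {
    // Nobody is logged in: session-based sites show the login form rather
    // than a 401, which the browser would answer with an HTTP-auth dialog.
    header('Location: /login.php', true, 302);
    exit;
}

if (!user_may_view($_SESSION, 'admin')) {
    $page = forbidden_page((string) $_SESSION['user']);
    http_response_code(403);
    header('Content-Type: text/html; charset=utf-8');
    header('Content-Length: ' . strlen($page));
    echo $page;
    exit;
}

// Protected page content follows for users who passed both checks.
echo '<p>Welcome to the admin area.</p>';
```

The two checks are deliberately separate: the redirect handles "not logged in", and 403 is sent only once the server knows who the user is and has decided that this user may not see the page, which is exactly the "invalid for this URL" meaning the answer gives for 403.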