jmav

Reputation: 3139

HTTP headers for AJAX/ denied authentication?

I would like to know what the best practice is for the AJAX authentication process.

When authentication is valid, I return HTTP header 200 with response "ok". What HTTP header do I need to send from the server if authentication is NOT valid?

  1. Do I need to set HTTP header to code 500 (ERROR)
  2. or leave it on 200 and implement logic which checks response variable?

Upvotes: 2

Views: 242

Answers (2)

Jakub Konecki

Reputation: 46008

How about returning HTTP 401?

You can handle it in the AJAX error handler and redirect the whole page to the login screen, if that's your requirement.

```javascript
$.ajax({
  statusCode: {
    401: function() {
      alert("User not logged in");
    }
  }
});
```

Upvotes: 1

Ben Davis

Reputation: 13780

You don't want to send a 500 error, since that implies an unexpected server-side error that is not caused by the user.

You'll want to read up on the RFC spec for status codes:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

4XX status codes are for client errors, which is where you'll want to be looking. In your case, you could use 401 if authentication failed, and 403 if that user is not allowed to view the resource.

Upvotes: 2
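The 401/403 split both answers describe, as an added example that is not part of the original question or answers: a server-side decision function and the matching client-side dispatch. The tokens, paths, role names and the `authorize` / `clientAction` helpers are constructed for illustration.

```javascript
// Constructed sample data (assumptions, not from the page).
const SESSIONS = {
  "tok-alice": { user: "alice", roles: ["admin", "viewer"] },
  "tok-bob":   { user: "bob",   roles: ["viewer"] },
};
const REQUIRED_ROLE = { "/api/reports": "viewer", "/api/admin": "admin" };

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Server side: choose the status for an AJAX request from its path and headers.
function authorize(path, headers) {
  const m = /^Bearer (\S+)$/.exec(headers.authorization || "");
  const session = m && has(SESSIONS, m[1]) ? SESSIONS[m[1]] : null;

  if (!session) {
    // 401: credentials missing or invalid. The RFC requires a
    // WWW-Authenticate challenge on every 401 response.
    return {
      status: 401,
      headers: { "WWW-Authenticate": 'Bearer realm="api"' },
      body: { error: "authentication required" },
    };
  }
  // 403: the caller is known but not allowed. Unknown paths are denied
  // by default instead of falling through to 200.
  if (!has(REQUIRED_ROLE, path) || !session.roles.includes(REQUIRED_ROLE[path])) {
    return { status: 403, headers: {}, body: { error: "forbidden" } };
  }
  return { status: 200, headers: {}, body: { result: "ok" } };
}

// Client side: what each statusCode callback in $.ajax would trigger.
function clientAction(status) {
  switch (status) {
    case 200: return "render";
    case 401: return "redirect-to-login";  // session missing or expired
    case 403: return "show-forbidden";     // logging in again will not help
    default:  return "show-error";         // 5xx and anything unexpected
  }
}
```

Keeping the failure in the status line rather than in a 200 body means intermediaries, logs and generic client code all see the request as rejected.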
