When the password entered by the client is wrong, what is the HTTP status code returned by the server? 401 or 200? Thank you. I have responded to the client with 403; they said 403 is wrong, then 200 is right.
Definitely not 200 if the password is wrong. Look up HttpStatusCodes. – Rich Apr 25 '18 at 01:45
2 Answers
HTTP status codes are typically set by code running on the server, or are determined by configuration of the web server, so the answer to your question is implementation-dependent.
That being said, I believe you are asking about the conventional use of these codes. Again, it depends on what kind of application:
For a web service that requires authentication, it is normal to return 403 (and no body) for an unauthorized request.
For a web site that requires a static form of authentication, such as client certificates or AD identity, 403 is also pretty common.
For a web site that requires a signon, and has its own signon page, it is normal to return a 200, accompanied by a body containing HTML that allows the user to try again.

I'd argue that for the first two cases, 401 is way more conventional than 403. It's also in line with the [spec](https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html). – Robby Cornelissen Apr 25 '18 at 01:59
It returns 401 (Unauthorized) status code.
The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource.

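An added example, not taken from either answer: a minimal WSGI handler following the 401 convention described in the second answer and in the spec linked in the comment, returning 401 with a `WWW-Authenticate` challenge when Basic credentials are missing, malformed or wrong. The account, salt, realm name and the `status_for` helper are constructed for the illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo account; a real service would look up a per-user salted hash.
_SALT = b"demo-salt"
_USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}
REALM = "example"  # hypothetical realm name

def _parse_basic(header):
    """Return (user, password) from an Authorization header, or None if unusable."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64, non-ASCII input and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def _credentials_ok(user, password):
    """Constant-time comparison; unknown users still cost one hash computation."""
    stored = _USERS.get(user)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(candidate, stored or b"\0" * 32) and stored is not None

def app(environ, start_response):
    """WSGI app: 401 plus challenge for missing/wrong credentials, 200 otherwise."""
    creds = _parse_basic(environ.get("HTTP_AUTHORIZATION"))
    if creds is None or not _credentials_ok(*creds):
        # A 401 response must carry a WWW-Authenticate challenge.
        start_response("401 Unauthorized", [
            ("WWW-Authenticate", f'Basic realm="{REALM}", charset="UTF-8"'),
            ("Content-Length", "0"),
        ])
        return [b""]
    body = b"hello " + creds[0].encode()
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]

def status_for(header):
    """Call the app without a server; returns (status line, headers dict)."""
    seen = {}
    app({"HTTP_AUTHORIZATION": header} if header else {},
        lambda status, headers: seen.update(status=status, headers=dict(headers)))
    return seen["status"], seen["headers"]
```

The same 401 is returned for an unknown user and for a wrong password, so the response does not reveal which accounts exist.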