缺少身份验证的HTTP状态代码 [英] HTTP status code for missing authentication

问题描述

HTTP为 401 Unauthorized 定义了缺少身份验证的状态，但此状态仅适用于HTTP身份验证。当未经授权的请求发生时，我应该使用基于会话cookie的系统返回什么状态？

HTTP defines the status 401 Unauthorized for missing authentication, but this status only applies to HTTP authentication. What status should I return with a session cookie based system, when an unauthorized request happens?

推荐答案

正式，403 Forbidden是正确的响应。它定义为

Formally, 403 Forbidden is the right response. It's defined as

授权无效，请求不应重复。

Authorization will not help and the request SHOULD NOT be repeated.

令人困惑的部分可能是授权无效，但它们的确意味着HTTP身份验证（WWW-Authenticate）

The confusing part may be "Authorization will not help", but they really mean "HTTP authentication" (WWW-Authenticate)

这篇关于缺少身份验证的HTTP状态代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！