What status code should I use when session token is invalid?

Question

When creating a web service (RESTful), what status code should I use when session token is invalid? Currently the one in my company sends me a 404, not found, but I think this is not correct, because the resource exists. Maybe I should use 401 Unauthorized. What do you think? What status code do you recommend me to use in this scenario? Thanks.

Recommended answer

401 Unauthorized.

Your existing session token doesn't authorize you any more, so you are unauthorized.

Don't forget that a session token is just a short-cut to avoid having to provide credentials for every request.

Sending 404 is incorrect because, as you observe, the resource does exist. You just don't currently have authorization to see it.

NB Don't use 403 Forbidden; the HTTP specification defines it as follows: "The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated." That doesn't apply in this case as authorization WILL help.
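
The 401-versus-404 distinction from the answer above, as an added example that is not part of the original question or answer. It assumes the token is sent as `Authorization: Bearer <token>`; the session store, resource table and function names are hypothetical, and the sample data is constructed.

```python
import time

# Constructed sample data: token -> (user, expiry in epoch seconds).
SESSIONS = {
    "tok-live": ("alice", 2_000_000_000),
    "tok-old": ("bob", 1_000_000_000),
}
RESOURCES = {"/reports/1": "quarterly numbers"}


def check_session(headers, now):
    """Return (user, None) for a valid token, else (None, reason)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None, "missing"
    entry = SESSIONS.get(token)
    if entry is None:
        return None, "unknown"
    user, expires = entry
    if now >= expires:
        return None, "expired"
    return user, None


def handle_request(path, headers, now=None):
    """Return (status, response_headers, body) for a GET on path."""
    now = time.time() if now is None else now
    user, reason = check_session(headers, now)
    if user is None:
        # Authenticate before the resource lookup: a bad token gets 401
        # whether or not the path exists. A 401 response must carry a
        # WWW-Authenticate challenge (RFC 7235).
        challenge = 'Bearer realm="api"'
        if reason != "missing":
            challenge += ', error="invalid_token"'  # RFC 6750 error code
        return 401, {"WWW-Authenticate": challenge}, "re-authenticate"
    if path not in RESOURCES:
        # 404 is kept for a resource that really does not exist.
        return 404, {}, "not found"
    return 200, {}, RESOURCES[path]
```

Because the session check runs first, a client holding an expired token sees the same 401 for existing and non-existing paths and knows to log in again.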
