W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1994

Re: 401 Unauthorized - can I use it?

From: Henrik Frystyk Nielsen <frystyk@ptsun00.cern.ch>
Date: Mon, 5 Dec 94 22:36:08 +0100
Message-Id: <9412052136.AA05230@ptsun03.cern.ch>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, zurko@osf.org
The 401 code is not tied to the basic  AA scheme. The WWW-Authenticate and WWW-Authorization
headers both are defined to contain extension tokens. HOwever, if you are sure that the 
server is not going to send the object to the client and the client shouldn't try again
then the right code to use is `403 Forbidden'. If using the basic AA the server should repeat
sending back a 401 code following the current spec.

Though the server can switch to a 403 code if multiple attempts have been tried, but this 
requires that the server keeps state of the connections whic his outside the scope of the
spec.

-- cheers --

Henrik
Received on Monday, 5 December 1994 13:36:42 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:09 EDT