W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1995

Re: HTTP status code for "Password Expired"?

From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
Date: Wed, 10 May 1995 19:49:26 -0700
To: matthew noell <matt@caladan.sps.mot.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9505101949.aa15400@paris.ics.uci.edu>
> After reviewing the HTTP/1.0 draft I was unable to find in the status
> codes section anything which I could use to report access authorization has
> been denied because the password given has expired.

There is not a separate status code for every possible error condition;
instead, there are codes for classes of problems and the content of the
message is used to explain the exact reason.  In this case, the response
should be some form of "Authorization Refused", but we seem to be lacking
one of those.  Do we need one?

In the mean time, use

   403 Forbidden

and include an explanation in the message body.

 ....Roy T. Fielding  Department of ICS, University of California, Irvine USA
                                       <fielding@ics.uci.edu>
                      <URL:http://www.ics.uci.edu/dir/grad/Software/fielding>
Received on Wednesday, 10 May 1995 19:55:27 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:21 EDT