Re: HTTP status code for "Password Expired"?

> After reviewing the HTTP/1.0 draft I was unable to find in the status
> codes section anything which I could use to report access authorization has
> been denied because the password given has expired.

There is not a separate status code for every possible error condition;
instead, there are codes for classes of problems and the content of the
message is used to explain the exact reason.  In this case, the response
should be some form of "Authorization Refused", but we seem to be lacking
one of those.  Do we need one?

In the mean time, use

   403 Forbidden

and include an explanation in the message body.

 ....Roy T. Fielding  Department of ICS, University of California, Irvine USA

Received on Wednesday, 10 May 1995 19:55:27 UTC