By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,906 Members | 1,744 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,906 IT Pros & Developers. It's quick & easy.

|OT| HTTP header response for invalid form inputs?

P: n/a
Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying error
messages above the form (with HTTP status 200); is it necessary to send
401 status in this case?

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Oct 2 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
R. Rajesh Jeba Anbiah wrote:
Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying
error messages above the form (with HTTP status 200); is it necessary
to send 401 status in this case?


The 401 header is generally only used with REALM authentication. When this
type of authentication isn't used, the HTTP 200 header is more appropriate,
because the page is found and the error is handled on the page itself.

Another reason for using HTTP headers is when the application responses are
interpreted by another application. A quick look at the status then will
give an indication of the success rate, without parsing the response body.
JW

Oct 2 '05 #2

P: n/a
R. Rajesh Jeba Anbiah wrote:
Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying error
messages above the form (with HTTP status 200); is it necessary to send
401 status in this case?


A 401 response should only be used if you're using HTTP authentication.

403 Forbidden might be more appropriate here.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

Oct 2 '05 #3

P: n/a
Toby Inkster wrote:
R. Rajesh Jeba Anbiah wrote:
Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying error
messages above the form (with HTTP status 200); is it necessary to send
401 status in this case?


A 401 response should only be used if you're using HTTP authentication.

403 Forbidden might be more appropriate here.


Thanks for your inputs. I really appreciate it. Thanks again.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Oct 2 '05 #4

P: n/a
Janwillem Borleffs wrote:
R. Rajesh Jeba Anbiah wrote:
Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying
error messages above the form (with HTTP status 200); is it necessary
to send 401 status in this case?


The 401 header is generally only used with REALM authentication. When this
type of authentication isn't used, the HTTP 200 header is more appropriate,
because the page is found and the error is handled on the page itself.

Another reason for using HTTP headers is when the application responses are
interpreted by another application. A quick look at the status then will
give an indication of the success rate, without parsing the response body.


Thanks for your insights. I was wondering if HTTP status code is
necessary in form processing. Thanks again.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Oct 2 '05 #5

P: n/a
"R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote:
Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying error
messages above the form (with HTTP status 200); is it necessary to send
401 status in this case?


If you are using the HTTP basic or digest authentication (RFC 2616,
2617) 401 is the correct status code if the authentication failed.

If you are using an application based authentication, you should always
return a 200 status code and a page with a human readable description of
the problem ("Invalid login, please retry. Forgot your password? Click
here!" etc. etc.).

Regards,
___
/_|_\ Umberto Salsi
\/_\/ www.icosaedro.it

Oct 2 '05 #6

P: n/a
Umberto Salsi wrote:
"R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote: <snip> If you are using an application based authentication, you should always
return a 200 status code and a page with a human readable description of
the problem

<snip>

Thanks a lot for the explanation; this is what I was confusing with.
Thanks again.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Oct 3 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.