|OT| HTTP header response for invalid form inputs?

R. Rajesh Jeba Anbiah

Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying error
messages above the form (with HTTP status 200); is it necessary to send
401 status in this case?

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Oct 2 '05 #1

Subscribe Post Reply

2599

Janwillem Borleffs

R. Rajesh Jeba Anbiah wrote:

Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying
error messages above the form (with HTTP status 200); is it necessary
to send 401 status in this case?

The 401 header is generally only used with REALM authentication. When this
type of authentication isn't used, the HTTP 200 header is more appropriate,
because the page is found and the error is handled on the page itself.

Another reason for using HTTP headers is when the application responses are
interpreted by another application. A quick look at the status then will
give an indication of the success rate, without parsing the response body.
JW

Oct 2 '05 #2

Toby Inkster

R. Rajesh Jeba Anbiah wrote:

Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying error
messages above the form (with HTTP status 200); is it necessary to send
401 status in this case?

A 401 response should only be used if you're using HTTP authentication.

403 Forbidden might be more appropriate here.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

Oct 2 '05 #3

R. Rajesh Jeba Anbiah

Toby Inkster wrote:

R. Rajesh Jeba Anbiah wrote:
Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying error
messages above the form (with HTTP status 200); is it necessary to send
401 status in this case?

A 401 response should only be used if you're using HTTP authentication.

403 Forbidden might be more appropriate here.

Thanks for your inputs. I really appreciate it. Thanks again.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Oct 2 '05 #4

R. Rajesh Jeba Anbiah

Janwillem Borleffs wrote:

R. Rajesh Jeba Anbiah wrote:
Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying
error messages above the form (with HTTP status 200); is it necessary
to send 401 status in this case?

The 401 header is generally only used with REALM authentication. When this
type of authentication isn't used, the HTTP 200 header is more appropriate,
because the page is found and the error is handled on the page itself.

Another reason for using HTTP headers is when the application responses are
interpreted by another application. A quick look at the status then will
give an indication of the success rate, without parsing the response body.

Thanks for your insights. I was wondering if HTTP status code is
necessary in form processing. Thanks again.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Oct 2 '05 #5

Umberto Salsi

"R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote:

Is it necessary or is there any standard to send HTTP header status
for form inputs ? Say, the user is entering invalid password in login
form and now all the applications I have seen are just displaying error
messages above the form (with HTTP status 200); is it necessary to send
401 status in this case?

If you are using the HTTP basic or digest authentication (RFC 2616,
2617) 401 is the correct status code if the authentication failed.

If you are using an application based authentication, you should always
return a 200 status code and a page with a human readable description of
the problem ("Invalid login, please retry. Forgot your password? Click
here!" etc. etc.).

Regards,
___
/_|_\ Umberto Salsi
\/_\/ www.icosaedro.it

Oct 2 '05 #6

R. Rajesh Jeba Anbiah

Umberto Salsi wrote:

"R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote: <snip> If you are using an application based authentication, you should always
return a 200 status code and a page with a human readable description of
the problem

<snip>

Thanks a lot for the explanation; this is what I was confusing with.
Thanks again.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Oct 3 '05 #7

Similar topics

Header help

by: DaRemedy | last post by:

Hiya, just need help with PHP headers. I have an index php page which has the following code within a header redirect: <?php if ( empty($_GET) ) if (empty($_GET) ) { $month = date(n);

PHP

HTTP - basic authentication example.

by: Michael Foord | last post by:

#!/usr/bin/python -u # 15-09-04 # v1.0.0 # auth_example.py # A simple script manually demonstrating basic authentication. # Copyright Michael Foord # Free to use, modify and relicense. #...

Python

HTTP/1.1 400 Bad Request

by: turnit $removethis$ | last post by:

I have a login form that uses the post method to carry the information to the next page. The form works just fine in ie6.0, but fails in mozilla and fails in ie5.2 on a mac. "HTTP/1.1 400 Bad...

ASP / Active Server Pages

% in ENTITY declaration

by: Ronald Fischer | last post by:

Could someone explain to me what is the difference between <!ENTITY % Foo 'Bar' > and <!ENTITY Foo 'Bar' > From my understanding, the "macro" Foo has to be referenced in the first case...

.NET Framework

How to Remove Http header from http response

by: Vivek Mehta | last post by:

I want to receive XML stream generated at another URL however when I try to load the XML it errors out with one error or the other. I beleive this XML comes back with HTTP header which actually...

.NET Framework

is this correct

by: Darklight | last post by:

Q6: Write a function that accepts two strings. Count the number of characters in each, and return a pointer to the longer string. and please comment /* LEN_STRING.C PROGRAM TO RETURN LONGEST...

C / C++

HTTP problem, wrong characters sent (HTTP pro's needed!)

by: webEater | last post by:

Hey, I am writing a file that reads in an external file in the web and prints it out including the response header of the http protocol. I do this to enable cross domain XMLHttpRequests. I...

PHP

Software testers wanted - I still need 1 more

by: john | last post by:

To test a new piece of software designed to help with (among other things) eCommerce WWW site development. The software is fairly easy to use but you must fit a profile. Retail price is 120 GBP and...

PHP

HTTP Object and Retrieving HTML Programatically

by: =?Utf-8?B?UGF1bA==?= | last post by:

I am using ASP.Net 2.0 and VB.Net (although C#is ok also). I want to create an object/method/function that will take a URL as an input parameter and then return all of the HTML in that page. I...

ASP.NET

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Looking to do Android software development, any suggestions? Is flutter better?

by: nemocccc | last post by:

hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

General

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

Windows Server