I have a situation where I test for the validity of a session ID and on failure I would redirect to a error page. Should I use status code 301 (permenant) or 307(temporary)?
Remember search engines will never see this content, because you must be authenticated first, however, the document has not truly moved, it's only just unavailable to un-authenticated user agents.
What says you?
301 or 307 redirect
Moderator: General Moderators
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: 301 or 307 redirect
Shouldn't you be using a 403 instead?
(Tip: redirects can happen for any status code, not just the 3xx range.)
(Tip: redirects can happen for any status code, not just the 3xx range.)
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: 301 or 307 redirect
Interesting, cause I was just thinking 401 Not authorized ?
http://www.checkupdown.com/status/E403.html
http://www.checkupdown.com/status/E403.html
Not the entire web site though, so maybe a 403 is more appropriate?If the entire Web site is actually secured in some way (is not open at all to casual Internet users), then an 401 - Not authorized message could be expected. It is possible, but unlikely, that the Web server issues an 403 message instead.
Re: 301 or 307 redirect
It's kind of a fuzzy line, but I'd say 401 is to block anonymous users and 403 is for an authenticated user who's not allowed (which implies that their current authentication allows them access to other areas).
Point is, you can redirect for a 4xx code too.
Point is, you can redirect for a 4xx code too.