Admin Area
Moderator: General Moderators
Admin Area
Whats the best way to secure an admin only area. If a user logins but doesn't have permissions to the admin area, and they try and access it directly e.g. http://www.mydomain.com/admin/users. Is there an error code you can use that basically says you don't have access to this area. I was thinking of the 401, but that seems to only be if they have entered an incorrect username and password combination.
- greyhoundcode
- Forum Regular
- Posts: 613
- Joined: Mon Feb 11, 2008 4:22 am
Re: Admin Area
403 Forbidden possibly?
To be honest, I never change the HTTP status code in these situations, I just reroute to the login controller and provide an error message.
To be honest, I never change the HTTP status code in these situations, I just reroute to the login controller and provide an error message.
Re: Admin Area
But if the user is already logged in, and then they try and access it, but they don't have the requried userlevel what do i do then?
- greyhoundcode
- Forum Regular
- Posts: 613
- Joined: Mon Feb 11, 2008 4:22 am
Re: Admin Area
How about a message saying, "Sorry - you don't have permission to use this feature - click here to return to the home page." Or similar.