skip to Main Content

What type of redirect should I be using to redirect a user to a connection page if he needs to be authenticated before using one service of my website ?

Just to be sure using the right numbers for the crawler’s to witness what a good student I am !

2

Answers


  1. Available redirection statuses:

    301 Moved Permanently

    The 301 (Moved Permanently) status code indicates that the target
    resource has been assigned a new permanent URI.

    302 Found

    The 302 (Found) status code indicates that the target resource resides
    temporarily under a different URI.

    303 See Other

    The 303 (See Other) status code indicates that the server is
    redirecting the user agent to a different resource.

    304 Not Modified

    There is no need for the server to transfer a representation of the
    target resource because the request indicates that the client already
    has a valid representation.

    307 Temporary Redirect

    This status code is similar to 302 (Found), except that it does not
    allow changing the request method from POST to GET.

    308 Permanent Redirect

    This status code is similar to 301 (Moved Permanently), except that it
    does not allow changing the request method from POST to GET.

    Statuses 305 Use Proxy and 306 (Unused) are respectively deprecated and no longer used.

    So by default, I would choose the 303 See Other, since it’s the one that suits your needs the best.

    Login or Signup to reply.
  2. You should not redirect a user if he need to be logged in to view an URL.

    This URL should shoot a 401 status with a form to let your user log in directly. And then return him the content with an HTTP 200 on the same URL.

    Some information on 401 from HTTP specifications:

    401 Unauthorized

    The request requires user authentication. The
    response MUST include a WWW-Authenticate header field (section 14.47)
    containing a challenge applicable to the requested resource. The
    client MAY repeat the request with a suitable Authorization header
    field (section 14.8). If the request already included Authorization
    credentials, then the 401 response indicates that authorization has
    been refused for those credentials. If the 401 response contains the
    same challenge as the prior response, and the user agent has already
    attempted authentication at least once, then the user SHOULD be
    presented the entity that was given in the response, since that entity
    might include relevant diagnostic information. HTTP access
    authentication is explained in "HTTP Authentication: Basic and Digest
    Access Authentication" [43].

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search