1. Login

HTTP 401 Unauthorized

The 401 Unauthorized HTTP status code indicates that the requested content requires authentication.

1302 views

Edited: 2019-10-13 04:10

A server might send a 401 Unauthorized HTTP header response if the requested Resource requires authentication, including if credentials has been provided but have failed authentication tests.

When responding with a 401, the response must also include a WWW-Authenticate header field.

In case a user tried to login on a web page using the HTTP authentication method, the 401 response code is the correct code to send – while 403 Forbidden is intended for when the server is refusing to fulfill the request, or for HTML form based logins. I.e.

The server understood the request, but is refusing to fulfill it.

Even though HTTP based authentication can be used, HTML form based logins are much more common in modern web applications.

Soft Authentication Errors

Since many hackers and spammers have automated tools to brute-force logins, you might not want to always deliver a response to HTTP requests. Creating unexpected responses can confuse malicious users, and sometimes effectively discourage them from attacking your site.

See also

  1. List of HTTP Response Codes

Share with your friends:

Tell us what you think:

  1. How You Should Use Multiple H1s in HTML
    An in-dept look at the use of headings (h1-h6) and sections in HTML pages.
  2. How to improve your website's pagination
    Pagination can be a confusing thing to get right both practically and programmatically. I have put a lot of thought into this subject, and here I am giving you a few of the ideas I have been working with.
  3. Trailing Question Mark in URLs
    The best way to deal with a trailing question mark is probably just to make it a bad request, because it is a very odd thing to find in a request URL.
  4. Auto-Include Width and Height on Img Elements With PHP
    How to optimize image-loading and automatically include width and height attributes on img elements with PHP.
  5. HTTP Headers are Case-Insensitive
    HTTP headers are not case-sensitive, so we are free to convert them to all-lowercase in our applications.

More in: Web development