Hello everyone, what kind of HTTP response codes would you suggest using when accessing a page which requires user to be logged in and there is no current identity present?
Initially I thought about "401 Unauthorized", but the definition says: "The response MUST include a WWW-Authenticate header field containing a challenge applicable to the requested resource" where I'm not sure I know what that means... I also thought about "403 Forbidden", but again from the definition: "Authorization will not help and the request SHOULD NOT be repeated" does not look like a good choice. Or forget it and stick with good old "200 OK"? Thanks, M.
