What are the standards for implementing HTTP headers for login success / fail reactions?
The header the server transmits is either the 200 OK or 401 refused status codes on failure or success.
See http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html Section 10.4.2 401 Unauthorized for this.
When delivering the 401, the server must send a
WWW-Authenticate = "WWW-Authenticate" ":" 1#challenge
to indicate which scheme should be used to authenticate.
See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html Section 14.47 WWW-Authenticate for this.
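The 200 / 401 decision described in the answer above, as an added example that is not part of the original post. It assumes the Basic scheme, a constructed user and password, a hypothetical realm name, and request headers passed as a plain dict keyed by "Authorization".

```python
import base64
import binascii
import hmac

# Constructed demo credentials (assumption, not from the page).
DEMO_USER = "alice"
DEMO_PASSWORD = "correct horse battery staple"
REALM = "example"  # hypothetical realm name


def parse_basic(authorization):
    """Return (user, password) from a Basic Authorization value, or None."""
    if not authorization:
        return None
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed credentials are treated as missing
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def respond(request_headers):
    """Map request headers to (status_code, reason, response_headers)."""
    creds = parse_basic(request_headers.get("Authorization"))
    if creds is not None:
        # Compare both fields in constant time; evaluate both before combining.
        user_ok = hmac.compare_digest(creds[0].encode(), DEMO_USER.encode())
        pass_ok = hmac.compare_digest(creds[1].encode(), DEMO_PASSWORD.encode())
        if user_ok and pass_ok:
            return 200, "OK", {}
    # RFC 2616 10.4.2: a 401 response MUST carry a WWW-Authenticate challenge.
    challenge = 'Basic realm="%s"' % REALM
    return 401, "Unauthorized", {"WWW-Authenticate": challenge}


def basic_header(user, password):
    """Build the Authorization value a client would send."""
    raw = ("%s:%s" % (user, password)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```

Missing, malformed and wrong credentials all produce the same 401 with the same challenge, so the response does not reveal which part of the login was wrong.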
HTTP/1. 401 Unauthorized.
But lately I developed this "auth pattern": The very first time you go to the page you receive 401 and the login screen. The moment one enters correct login data you obtain 200. Whenever your session expires or you click logout you obtain 401 and the login screen again. The login screen is definitely 401, almost every other page