What are the standards for implementing HTTP headers for login success / fail reactions?

The header the server transmits is either the 200 OK or 401 refused status codes on failure or success.

See http://world wide web.w3.org/Methods/rfc2616/rfc2616-sec10.html Section 10.4.2 401 Unauthorized with this.

When delivering the 401, the server must send a

World wide web-Authenticate = "World wide web-Authenticate" ":" 1#challenge

to point what plan should be employed to authenticate.

See http://world wide web.w3.org/Methods/rfc2616/rfc2616-sec14.html Section 14.47 World wide web-Authenticate with this.

There's only HTTP/1. 401 Unauthorized.

But lately I developed this "auth pattern": Very first time you go to the page you receive 401 and also the login screen. The moment one enters correct login data you obtain 200. Whenever your session expires or else you click logout you obtain 401 and also the login screen again. The login screen is definitely 401, almost every other page 200.