Whenever a user isn't drenched in and attempts to access an page that needs login, what's the correct HTTP status code for any redirect towards the login page?

I do not believe the 3xx fit that description.

10.3.1 300 Multiple Options

The asked for resource corresponds to any kind of some representations, each using its own specific location, and agent- driven settlement information (section 12) has been provided to ensure that the consumer (or user agent) can choose a frequent representation and redirect its request to that particular location.

Unless of course it had been a Mind request, the response Will include an entity that contains a listing of resource qualities and placement(s) from that the user or user agent can pick the one most suitable. The entity format is per the media type succumbed this content- Type header area. Based upon the format and also the abilities of

the consumer agent, selection of the very appropriate choice Might be carried out instantly. However, this specs doesn't define any standard for such automatic selection.

When the server includes a preferred choice of representation, it will include the particular URI for your representation within the Location area user agents Could use the place area value for automatic redirection. This fact is cacheable unless of course indicated otherwise.

10.3.2 301 Moved Permanently

The asked for resource continues to be designated a brand new permanent URI and then any future references for this resource SHOULD use among the came back URIs. Clients with link editing abilities must instantly re-link references towards the Request-URI to 1 or a lot of new references came back through the server, where possible. This fact is cacheable unless of course indicated otherwise.

The brand new permanent URI Ought to be given through the Location area within the response. Unless of course the request method was Mind, the entity from the response SHOULD have a short hypertext note having a hyperlink towards the new URI(s).

When the 301 status code is received in reaction to a request apart from GET or Mind, the consumer agent Mustn't instantly redirect the request unless of course it may be confirmed through the user, because this might alter the conditions to which the request was released.

  Note: When instantly redirecting a Publish request after

  getting a 301 status code, some existing HTTP/1. user agents

  will erroneously change it out right into a GET request.

10.3.3 302 Found

The asked for resource resides temporarily within different URI. Because the redirection may be changed occasionally, the customer SHOULD continue using the Request-URI for future demands. This fact is only cacheable if shown by a Cache-Control or Expires header area.

The temporary URI Ought to be distributed by the place area within the response. Unless of course the request method was Mind, the entity from the response SHOULD have a short hypertext note having a hyperlink towards the new URI(s).

When the 302 status code is received in reaction to a request apart from GET or Mind, the consumer agent Mustn't instantly redirect the request unless of course it may be confirmed through the user, because this might alter the conditions to which the request was released.

  Note: RFC 1945 and RFC 2068 specify the client isn't permitted

  to alter the technique around the rerouted request.  However, most

  existing user agent implementations treat 302 as though it

were a 303 response, carrying out a Access it the place area-value regardless from the original request method. The status codes 303 and 307 have been added for servers that desire to make unambiguously obvious which type of reaction is anticipated from the client.

10.3.4 303 See Other

The reaction to the request could be found within different URI and really should be retrieved utilizing a GET method on that resource. This process is available mainly to permit the creation of a Publish-triggered script to redirect the user agent to some selected resource. The new URI isn't a substitute reference for that initially asked for resource. The 303 response Mustn't be cached, however the reaction to the 2nd (rerouted) request may be cacheable.

The various URI Ought to be distributed by the place area within the response. Unless of course the request method was Mind, the entity from the response SHOULD have a short hypertext note having a hyperlink towards the new URI(s).

  Note: Many pre-HTTP/1.1 user agents don't realize the 303

  status. When interoperability with your clients is really a concern, the

  302 status code might be used rather, because most user agents react

  to some 302 response as referred to for 303.

10.3.5 304 Not Modified

When the client has carried out a conditional GET request and access is permitted, however the document is not modified, the server SHOULD respond with this particular status code. The 304 response Mustn't have a message-body, and therefore is definitely ended through the first empty line following the header fields.

The response MUST range from the following header fields:

  - Date, unless of course its omission is needed by section 14.18.1 If your

clockless origin server obeys these rules, and proxies and clients add their very own Date to the response received with out them (as already per [RFC 2068], section 14.19), caches will operate properly.

  - ETag and/or Content-Location, when the header could have been sent

    inside a 200 reaction to exactly the same request

  - Expires, Cache-Control, and/or Vary, when the area-value might

    vary from that submitted any previous response for the similar

    variant When the conditional GET used a powerful cache validator (see

section 13.3.3), the response SHOULD NOT include other entity-headers. Otherwise (i.e., the conditional GET used an inadequate validator), the response Mustn't include other entity-headers jetski from incongruencies between cached entity-physiques and up-to-date headers.

If your 304 response signifies an entity not presently cached, then your cache MUST overlook the response and repeat the request with no conditional.

If your cache utilizes a received 304 reaction to update a cache entry, the cache MUST update the admission to reflect any new area values succumbed the response.

10.3.6 305 Use Proxy

The asked for resource Should be utilized with the proxy distributed by the place area. The Place area provides the URI from the proxy. The recipient is anticipated to continue doing this single request through the proxy. 305 reactions MUST simply be produced by origin servers.

  Note: RFC 2068 wasn't obvious that 305 was meant to redirect a

  single request, and also to be produced by origin servers only.  Not

  watching these restrictions has significant security effects.

10.3.7 306 (Unused)

The 306 status code was adopted inside a previous version from the specs, is no more used, and also the code is reserved.

10.3.8 307 Temporary Redirect

The asked for resource resides temporarily within different URI. Because the redirection Might be changed occasionally, the customer SHOULD continue using the Request-URI for future demands. This fact is only cacheable if shown by a Cache-Control or Expires header area.

The temporary URI Ought to be distributed by the place area within the response. Unless of course the request method was Mind, the entity from the response SHOULD have a short hypertext note having a hyperlink towards the new URI(s) , since many pre-HTTP/1.1 user agents don't comprehend the 307 status. Therefore, the note SHOULD retain the information essential for a person to repeat the initial request around the new URI.

When the 307 status code is received in reaction to a request apart from GET or Mind, the consumer agent Mustn't instantly redirect the request unless of course it may be confirmed through the user, because this might alter the conditions to which the request was released.

I am using 302 for the time being, until I find the appropriate answer.

UPDATE/CONCLUTION:

HTTP 302 is much better since its recognized to have best compability with clients/browsers.