
What status code should I use when session token is invalid?

When creating a web service (RESTful), what status code should I use when the session token is invalid? Currently the one in my company sends me a 404, not found, but I think this is not correct, because the resource exists. Maybe I should use 401 Unauthorized. What do you think? What status code do you recommend me to use in this scenario? Thanks.

Ricardo asked Dec 16 '13 14:12



1 Answer

401 Unauthorized.

Your existing session token doesn't authorize you any more, so you are unauthorized.

Don't forget that a session token is just a short-cut to avoid having to provide credentials for every request.

Sending 404 is incorrect because, as you observe, the resource does exist. You just don't currently have authorization to see it.

NB Don't use 403 Forbidden; the HTTP specification defines it as follows: "The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated." That doesn't apply in this case as authorization WILL help.

Colin 't Hart answered Sep 27 '22 17:09
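The status mapping from the answer above, as an added example that is not part of the original question or answer: a small WSGI app that returns 401 with a `WWW-Authenticate` challenge for a missing, unknown or expired session token, and keeps 404 for an authenticated request to a resource that does not exist. The `Authorization: Bearer` transport, the `realm="api"` value, and the `SESSIONS`, `RESOURCES`, `session_problem` and `call` names are assumptions made for illustration.

```python
import time
from wsgiref.util import setup_testing_defaults

# Constructed sample data: session token -> expiry time (epoch seconds).
SESSIONS = {"tok-valid": time.time() + 3600, "tok-expired": time.time() - 60}
RESOURCES = {"/reports/1": b'{"id": 1}'}
JSON = ("Content-Type", "application/json")

def session_problem(environ):
    """Return None for a valid session token, else why it was rejected."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return "missing"
    expiry = SESSIONS.get(token)
    if expiry is None:
        return "unknown"
    return "expired" if expiry <= time.time() else None

def app(environ, start_response):
    problem = session_problem(environ)
    if problem is not None:
        # Authentication is checked before the resource lookup, so the
        # answer is 401 whether or not the path exists. A 401 response
        # must carry a WWW-Authenticate challenge (RFC 7235).
        challenge = 'Bearer realm="api"'
        if problem != "missing":
            challenge += ', error="invalid_token"'  # RFC 6750 error code
        start_response("401 Unauthorized", [("WWW-Authenticate", challenge), JSON])
        return [b'{"error": "unauthorized"}']
    body = RESOURCES.get(environ["PATH_INFO"])
    if body is None:
        # 404 is reserved for an authenticated request to a missing resource.
        start_response("404 Not Found", [JSON])
        return [b'{"error": "not_found"}']
    start_response("200 OK", [JSON])
    return [body]

def call(path, token=None):
    """Drive the WSGI app in-process; return (status, headers dict)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    if token:
        environ["HTTP_AUTHORIZATION"] = "Bearer " + token
    seen = {}
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

Because the token check runs before the resource lookup, a caller with an invalid session gets the same 401 for existing and non-existing paths.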