[wp-trac] [WordPress Trac] #25446: Return HTTP status code 401 upon failed login

WordPress Trac noreply at wordpress.org
Thu Jan 22 10:24:17 UTC 2015


#25446: Return HTTP status code 401 upon failed login
------------------------------------+------------------------------
 Reporter:  raoulbhatia             |       Owner:
     Type:  enhancement             |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Login and Registration  |     Version:  3.6
 Severity:  normal                  |  Resolution:
 Keywords:  has-patch               |     Focuses:
------------------------------------+------------------------------

Comment (by toddlahman):

 @nacin

 Although HTTP status codes like 401 are most often applied to APIs, they
 should also be applied when a response would provide a useful/usable
 response. If a login fails, via a login form, the response is currently a
 302 redirect, then a 200 succeeded. Neither of those communicates what
 actually happened to the client, which leaves ambiguity. The end result
 should be a 401, rather than a 200 status code, since a 401 communicates
 useful/usable information to the client, just as an API would, so the
 client can react accordingly. For example, after receiving a 401 the
 client could try to log in again automatically. Thinking forward, forms
 will need to react as an API would. Erring on the side of clearly
 communicating via an HTTP response code seems like a step in the right
 direction.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/25446#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform