[wp-trac] [WordPress Trac] #25446: Return HTTP status code 401 upon failed login
WordPress Trac
noreply at wordpress.org
Thu Jan 22 10:24:17 UTC 2015
#25446: Return HTTP status code 401 upon failed login
------------------------------------+------------------------------
Reporter: raoulbhatia | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 3.6
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
------------------------------------+------------------------------
Comment (by toddlahman):
@nacin
Although HTTP status codes like 401 are most often applied to APIs, they
should also be applied when a response would provide a useful/usable
response. If a login fails, via a login form, the response is currently a
302 redirect, then a 200 succeeded. Neither of those communicates what
actually happened to the client, which leaves ambiguity. The end result
should be a 401, rather than a 200 status code, since a 401 communicates
useful/usable information to the client, just as an API would, so the
client can react accordingly. For example, after receiving a 401 the
client could try to log in again automatically. Thinking forward, forms
will need to react as an API would. Erring on the side of clearly
communicating via an HTTP response code seems like a step in the right
direction.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25446#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
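
Added example, not part of the ticket or of WordPress core: if failed logins were answered with 401 as the ticket proposes, the server's own access log would record the outcome, and a defender could count failures per client without inspecting response bodies. The log lines are constructed, the addresses come from documentation ranges, and the threshold of 3 is a hypothetical value.

```python
import re
from collections import Counter

# Constructed access-log lines (combined log format). Assumption: the
# server answers a failed login POST with 401, as the ticket proposes.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jan/2015:10:20:01 +0000] "POST /wp-login.php HTTP/1.1" 401 3120 "-" "curl/7.38"
203.0.113.7 - - [22/Jan/2015:10:20:02 +0000] "POST /wp-login.php HTTP/1.1" 401 3120 "-" "curl/7.38"
203.0.113.7 - - [22/Jan/2015:10:20:03 +0000] "POST /wp-login.php HTTP/1.1" 401 3120 "-" "curl/7.38"
198.51.100.4 - - [22/Jan/2015:10:21:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
198.51.100.4 - - [22/Jan/2015:10:21:15 +0000] "POST /wp-login.php HTTP/1.1" 401 3120 "-" "Mozilla/5.0"
198.51.100.4 - - [22/Jan/2015:10:21:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [22/Jan/2015:10:22:00 +0000] "GET /wp-login.php?x=1 HTTP/1.1" 401 10 "-" "-"
not a log line
"""

# Client IP, request method, request path and status code of one log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def failed_logins(log_text, login_path="/wp-login.php"):
    """Count 401 responses to POSTs on the login path, per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if (m.group("method") == "POST" and path == login_path
                and m.group("status") == "401"):
            counts[m.group("ip")] += 1
    return counts


def over_threshold(counts, threshold=3):
    """Return the IPs with at least `threshold` failed logins."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    per_ip = failed_logins(SAMPLE_LOG)
    print(dict(per_ip), over_threshold(per_ip))
```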