For a web page that exists, but for which a user does not have sufficient privileges (they are not logged in or do not belong to the proper user group), what is the proper HTTP response to serve?
401 Unauthorized?
403 Forbidden?
Something else?
What I've read on each so far isn't very clear on the difference between the two. What use cases are appropriate for each response?
Best Answer
A clear explanation from Daniel Irvine:
Another nice pictorial format of how HTTP status codes should be used.