What is the correct HTTP status code when redirecting to a login page?

4 Answers php

When a user is not logged in and tries to access a page that requires login, what is the correct HTTP status code for a redirect to the login page?

I'm asking because none of the 3xx response codes set out by the W3C seem to fit the requirements:

10.3.1 300 Multiple Choices

The requested resource corresponds to any one of a set of representations, each with its own specific location, and agent-driven negotiation information (section 12) is being provided so that the user (or user agent) can select a preferred representation and redirect its request to that location.

Unless it was a HEAD request, the response SHOULD include an entity containing a list of resource characteristics and location(s) from which the user or user agent can choose the one most appropriate. The entity format is specified by the media type given in the Content-Type header field. Depending upon the format and the capabilities of the user agent, selection of the most appropriate choice MAY be performed automatically. However, this specification does not define any standard for such automatic selection.

If the server has a preferred choice of representation, it SHOULD include the specific URI for that representation in the Location field; user agents MAY use the Location field value for automatic redirection. This response is cacheable unless indicated otherwise.

10.3.2 301 Moved Permanently

The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible. This response is cacheable unless indicated otherwise.

The new permanent URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

If the 301 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

  Note: When automatically redirecting a POST request after
  receiving a 301 status code, some existing HTTP/1.0 user agents
  will erroneously change it into a GET request.

10.3.3 302 Found

The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field.

The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

  Note: RFC 1945 and RFC 2068 specify that the client is not allowed
  to change the method on the redirected request.  However, most
  existing user agent implementations treat 302 as if it were a 303
  response, performing a GET on the Location field-value regardless
  of the original request method. The status codes 303 and 307 have
  been added for servers that wish to make unambiguously clear which
  kind of reaction is expected of the client.

10.3.4 303 See Other

The response to the request can be found under a different URI and SHOULD be retrieved using a GET method on that resource. This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource. The new URI is not a substitute reference for the originally requested resource. The 303 response MUST NOT be cached, but the response to the second (redirected) request might be cacheable.

The different URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

  Note: Many pre-HTTP/1.1 user agents do not understand the 303
  status. When interoperability with such clients is a concern, the
  302 status code may be used instead, since most user agents react
  to a 302 response as described here for 303.

10.3.5 304 Not Modified

If the client has performed a conditional GET request and access is allowed, but the document has not been modified, the server SHOULD respond with this status code. The 304 response MUST NOT contain a message-body, and thus is always terminated by the first empty line after the header fields.

The response MUST include the following header fields:

  - Date, unless its omission is required by section 14.18.1

If a clockless origin server obeys these rules, and proxies and clients add their own Date to any response received without one (as already specified by [RFC 2068], section 14.19), caches will operate correctly.

  - ETag and/or Content-Location, if the header would have been sent
    in a 200 response to the same request
  - Expires, Cache-Control, and/or Vary, if the field-value might
    differ from that sent in any previous response for the same
    variant

If the conditional GET used a strong cache validator (see section 13.3.3), the response SHOULD NOT include other entity-headers. Otherwise (i.e., the conditional GET used a weak validator), the response MUST NOT include other entity-headers; this prevents inconsistencies between cached entity-bodies and updated headers.

If a 304 response indicates an entity not currently cached, then the cache MUST disregard the response and repeat the request without the conditional.

If a cache uses a received 304 response to update a cache entry, the cache MUST update the entry to reflect any new field values given in the response.

10.3.6 305 Use Proxy

The requested resource MUST be accessed through the proxy given by the Location field. The Location field gives the URI of the proxy. The recipient is expected to repeat this single request via the proxy. 305 responses MUST only be generated by origin servers.

  Note: RFC 2068 was not clear that 305 was intended to redirect a
  single request, and to be generated by origin servers only.  Not
  observing these limitations has significant security consequences.

10.3.7 306 (Unused)

The 306 status code was used in a previous version of the specification, is no longer used, and the code is reserved.

10.3.8 307 Temporary Redirect

The requested resource resides temporarily under a different URI. Since the redirection MAY be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field.

The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s), since many pre-HTTP/1.1 user agents do not understand the 307 status. Therefore, the note SHOULD contain the information necessary for a user to repeat the original request on the new URI.

If the 307 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

I'm using 302 for now, until I find the correct answer.

Update & conclusion:

HTTP 302 is better, since it is known to have the best compatibility with clients / browsers.

4 Answers

I'd say 303 see other 302 Found:

The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field.

In my opinion this fits a login page most closely. I initially considered 303 see other, which would work just as well. After some thought, I'd say 302 Found is more fitting, because the requested resource was found; there is just another page to go through before it can be accessed. The response is also not cached by default, which is fine as well.

I think the appropriate solution is the HTTP 401 (Not Authorized) header.

http://en.wikipedia.org/wiki/HTTP_codes#4xx_Client_Error

The purpose of this header is exactly this. But, instead of redirecting to the login page, the correct process would be something like:

  • A user who is not logged in tries to access a login-restricted page.
  • The system identifies that the user is not logged in.
  • The system returns an HTTP 401 header AND displays the login form in the same response (not a redirect).

This is good practice, like providing a useful 404 page with sitemap links and, for example, a search form.

See you.

This is a misuse of the HTTP redirection mechanism. If a user is not authorized, then the app must return 401 Unauthorized. In case the user is authorized but does not have access to the requested resource, then 403 Forbidden must be returned.

You should do the redirect on the client side, e.g. with JavaScript. A status code for redirection because of required authorization doesn't exist. Using 30x for this is always wrong.

I have had rare cases where the Firefox browser cached a 302 redirect. That is the reason why I use 307 for login pages and, e.g., for redirects after a new article / post / comment / etc.

If you are using 302, don't forget to double-check that caching is disabled:

header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache');
header('Pragma: no-cache');
header('Cache-Control: post-check=0, pre-check=0', false);
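
As an added example (not from the question or any answer above), this PHP sketch puts the options the answers discuss side by side: 403 for a logged-in user without access, 401 for non-browser clients, and a 302 to the login page with caching disabled for browsers. The function names, the `/login` path, the `return_to` parameter, the `no-store` directive and the `Bearer` challenge are assumptions chosen for illustration.

```php
<?php
// Added example, not code from the original answers.
// Hypothetical names: decide_auth_response(), send_response(), /login, return_to.

/**
 * Decide the response for a request to a protected page.
 * Returns [status, headers, body] without sending anything, so the
 * decision can be inspected or unit-tested separately from output.
 */
function decide_auth_response(?array $user, bool $allowed, string $requestUri, string $accept): array
{
    // Keep auth-dependent responses out of browser and proxy caches.
    $noCache = ['Cache-Control' => 'no-store', 'Pragma' => 'no-cache'];

    if ($user !== null) {
        return $allowed
            ? [200, [], 'protected content']
            : [403, $noCache, 'Forbidden']; // logged in, but no access to this resource
    }

    // Non-browser clients (no text/html in Accept) get a plain 401.
    // A 401 response carries a WWW-Authenticate challenge; the scheme is an assumption.
    if (stripos($accept, 'text/html') === false) {
        return [401, $noCache + ['WWW-Authenticate' => 'Bearer'], 'Authentication required'];
    }

    // Browsers: temporary redirect to the login page. Only a local path
    // ("/..." but not "//host" or "/\host") is kept as the return target.
    $returnTo = '/';
    if (preg_match('#^/(?![/\\\\])[^\r\n]*\z#', $requestUri)) {
        $returnTo = $requestUri;
    }
    $location = '/login?return_to=' . rawurlencode($returnTo);

    return [302, $noCache + ['Location' => $location], ''];
}

/** Send a [status, headers, body] triple produced above. */
function send_response(array $response): void
{
    [$status, $headers, $body] = $response;
    http_response_code($status);
    foreach ($headers as $name => $value) {
        header("$name: $value");
    }
    echo $body;
}
```

A front controller would call `send_response(decide_auth_response($user, $allowed, $_SERVER['REQUEST_URI'], $_SERVER['HTTP_ACCEPT'] ?? ''))` and exit; the login handler should apply the same local-path check before following `return_to`.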