HTTP error code when session token expires

After login to the web site there is a token valid for 15 minutes. In this time you are able to work on the side. After this 15 minutes the session token gets invalid. Which HTTP error code is correct? Actually we are using the 404 error code is this correct?

Taggings:

token
http
web-services

Submitted by Verena Zernpfennig on Sat, 11/17/2018 - 10:18

Complexity

Relevance

1 answer

In this case the error code 401 Unauthorized will be the right HTTP error code, because the existing session token doesn't authorize you any more. Sending the error code 404 is incorrect, because the resource still exists but you aren't currently authorized to see it. Actually a session token is only a shortcut to avoid providing credentials for every request.

Submitted by Verena Zernpfennig on Sat, 11/17/2018 - 10:23

Taggings:

http
unauthorized
session token

Main menu

Navigation

Tags in Web Engineering

Tags in Social Tags

HTTP error code when session token expires

Taggings:

Taggings:

Main menu

You are here

Navigation

Tags in Web Engineering

Tags in Social Tags

HTTP error code when session token expires

Taggings:

Taggings: