Saturday, October 27, 2018

401 Unauthorized versus 403 Forbidden

401 Unauthorized is a misleading name, as it really has to do with authentication, not authorization. You will see it when you just can't log in with that username and password. 403 Forbidden rears its head when you can log in and browse the app but you can't go into the backroom and hang out in the VIP Lounge, because you have only so much free range once you're inside the front door. A less vague example of the VIP Lounge might be the page where one can delete employees. Anyhow, 403 really is about authorization, meaning what you can and can't do, even though you are deemed legit as a user in the big picture.
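The distinction above as a small decision function, added here as an illustration and not taken from any particular app. The accounts, the route table, the realm name and the choice of HTTP Basic as the login scheme are all assumptions made for the example.

```python
import base64
import binascii
import hashlib
import hmac

SALT = b"constructed-demo-salt"  # constructed value for the example

def hash_pw(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample accounts: username -> (password hash, role).
USERS = {
    "alice": (hash_pw("alice-pw"), "staff"),
    "bob": (hash_pw("bob-pw"), "hr_admin"),
}
# Hypothetical route table: path -> required role (None = any logged-in user).
ROUTES = {"/employees": None, "/employees/delete": "hr_admin"}

def basic_header(user, password):
    """Build the Authorization header value a client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def authenticate(auth_header):
    """Return the username for valid HTTP Basic credentials, else None."""
    if not auth_header or not auth_header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(auth_header[6:], validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    stored = USERS.get(user)
    # Hash even for unknown users so timing does not reveal which names exist.
    candidate = hash_pw(password)
    if not sep or stored is None or not hmac.compare_digest(candidate, stored[0]):
        return None
    return user

def decide(auth_header, path):
    """Return (status, headers) for a request to `path`."""
    user = authenticate(auth_header)
    if user is None:
        # Who are you? A 401 carries a WWW-Authenticate challenge to log in.
        return 401, {"WWW-Authenticate": 'Basic realm="app"'}
    if path not in ROUTES:
        return 404, {}
    required = ROUTES[path]
    if required is not None and USERS[user][1] != required:
        # Known user, missing permission: logging in again will not help.
        return 403, {}
    return 200, {}
```

With these constructed accounts, alice gets 200 on `/employees` and 403 on `/employees/delete`, while a wrong password gets 401 on either path.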
