[thelist] 403 or 404?
Bill Moseley
moseley at hank.org
Tue Jun 5 23:22:59 CDT 2007
Say I have a web application where someone must be logged in.
To view an object a user makes a request like:
/object/21
where 21 is the primary key in the object table. If the user *owns*
object 21 they can view it. If the user does not own the object do
they get 403 or 404? Kind of seems like a 403.
What if the request is for an id that doesn't exist? Does that make a
difference?
/object/393928128
I'm thinking 404 in both cases (which I guess is withing the spec).
Would you handle things differently if the object id was
part of a query string?
/object?id=21
Or in a hidden field in a posted form?
--
Bill Moseley
moseley at hank.org
More information about the thelist
mailing list