HTTP response code for a redirect upon success

A place to discuss the implementation and style of computer programs.

Moderators: phlip, Moderators General, Prelates

User avatar
ucim
Posts: 6860
Joined: Fri Sep 28, 2012 3:23 pm UTC
Location: The One True Thread

HTTP response code for a redirect upon success

Postby ucim » Tue Jul 14, 2015 5:33 pm UTC

I have a form, coded in php. In essence it is:

Code: Select all

get and clean input if any;
$output = '';
switch (based on input)
{   case (bad incoming form data)
    {    $output .= 'try again, you turkey<br>';
        // fall through
    }
    case(virgin)
    {    $output .= form(with action=this same php file);
        break;
   }
    case(good incoming form data)
    {   do stuff();
        header("thankyou.php");
        die('mustard');  // should not be executed
    }
}
echo $output;


The php header function by default returns a status 302 (moved temporarily) code. I'm not sure that's quite the right thing to tell the useragent. Since the form data is returned to this same php file, the redirection is indicative of a successful POST action to this page. The "page" didn't move. So, 200 (ok) seems like the right response, even though a different "page" is being sent. I could do that using a
header("HTTP/1.0 200 OK");
statement, or a
header($_SERVER["SERVER_PROTOCOL"]." 200 OK");
statement before the actual redirect.

Make sense?

Jose
Order of the Sillies, Honoris Causam - bestowed by charlie_grumbles on NP 859 * OTTscar winner: Wordsmith - bestowed by yappobiscuts and the OTT on NP 1832 * Ecclesiastical Calendar of the Order of the Holy Contradiction * Heartfelt thanks from addams and from me - you really made a difference.

User avatar
PeteP
What the peck?
Posts: 1451
Joined: Tue Aug 23, 2011 4:51 pm UTC

Re: HTTP response code for a redirect upon success

Postby PeteP » Tue Jul 14, 2015 6:23 pm UTC

I think sending a 302 is how it redirects the browser. So I don't think that would make sense. How about a 303.

Spoiler:
303 See Other (since HTTP/1.1)
The response to the request can be found under another URI using a GET method. When received in response to a POST (or PUT/DELETE), it should be assumed that the server has received the data and the redirect should be issued with a separate GET message.

User avatar
Thesh
Made to Fuck Dinosaurs
Posts: 6580
Joined: Tue Jan 12, 2010 1:55 am UTC
Location: Colorado

Re: HTTP response code for a redirect upon success

Postby Thesh » Tue Jul 14, 2015 6:51 pm UTC

Normally you wouldn't send a redirect with a 200 status code; I'm not even sure browsers would respect it. 302 is what is usually used. Technically, 303 is correct, although http 1.0 user agents might not support it (which you probably don't care about), and it will be handled identically to 302 in all browsers anyway. I think the general consensus among web developers is to just use a 302.
Summum ius, summa iniuria.

User avatar
ucim
Posts: 6860
Joined: Fri Sep 28, 2012 3:23 pm UTC
Location: The One True Thread

Re: HTTP response code for a redirect upon success

Postby ucim » Tue Jul 14, 2015 7:47 pm UTC

PeteP implies some respected source wrote:303 See Other (since HTTP/1.1)
The response to the request can be found under another URI using a GET method
Thesh wrote:Normally you wouldn't send a redirect with a 200 status code; I'm not even sure browsers would respect it.
Ok, that makes sense then. The browser is being told to fetch something else in response to a successful action.

Thanks.

Jose
Order of the Sillies, Honoris Causam - bestowed by charlie_grumbles on NP 859 * OTTscar winner: Wordsmith - bestowed by yappobiscuts and the OTT on NP 1832 * Ecclesiastical Calendar of the Order of the Holy Contradiction * Heartfelt thanks from addams and from me - you really made a difference.

DaveInsurgent
Posts: 207
Joined: Thu May 19, 2011 4:28 pm UTC
Location: Waterloo, Ontario

Re: HTTP response code for a redirect upon success

Postby DaveInsurgent » Wed Jul 15, 2015 3:52 pm UTC

You're right that a 200 seems like the correct response. The fact a different 'page' is being sent is completely irrelevant, and in fact is how HTTP/REST is designed (all that matters is the current state of the resource as the server decides to present it). BUT - browsers exhibit some funny behaviour when submitting data and what you're doing is following the "POST-Redirect-GET" paradigm to work around it:

https://en.wikipedia.org/wiki/Post/Redirect/Get

303 is the correct code to implement this behaviour. If this was an API that say, a mobile client talked to, then the redirect would be pointless. If you wanted to be clever you could try to offer different status codes depending on whether or not it was a browser or other device, but I think this is generally a Bad Idea.


Return to “Coding”

Who is online

Users browsing this forum: No registered users and 7 guests