Geek Answers Handbook

Should a web page requiring a login be redirected to a login page or just display a form?

When a web page offers content that requires a user to log in, there are two ways to authenticate them:

  • The web application saves the URL, then redirects to a separate login page, and then, after successful authentication, redirects back to the saved URL;

  • Instead of protected content, the page displays the login form (remaining at the same URL), and after the successful login, the page is updated and the real content appears.

I would like to know the following:

  • If I go with option 1, what will be the correct http status code to use? ( 302 is probably the correct option , so I list this question here for the sake of completeness.)
  • What would be the appropriate http status code for option 2? 401 is tempting, but I don't want to use http authentication.
    • Question: Why is HTTP authentication so unusual?
  • How can I guarantee that crawlers will not associate the title of protected content, keywords, description and other metadata with the login form?

And actually this is what I really would like to know:

  • Do http status codes know in the above cases? Are there any pragmatic benefits of using proper status codes?
+7
source share
1 answer

You want to use option 1. The reason for this is that if you display the form on every URL that requires a login, you will have two problems:

  • Search engines will assume that the login form is the actual content of this URL instead of the actual content. Obviously, this is not what you want.
  • Google will see that all of these pages duplicate content, which is bad. Their Panda algorithm is specifically designed for a large number of duplicate content, and this can lead to the fact that your site as a whole will be punished for low quality content.

Using 302 redirects would be the right way to do this, as you have already discovered. And using the right status codes matters. Search engines interpret their meaning and sending the wrong status code can lead to negative consequences. Since sending the correct HTTP status code is easy to do, it is definitely worth doing.

+2
source

More articles:


All Articles