Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialNathan Gallagher
21,518 PointsWhy not just redirect to the login page if a user isn't logged in?
Any particular reason why Dave chose to display an error message instead of just redirecting non-logged in users to the login page when they try to access a password protected page? I'm wondering if there's a certain best practice here.
1 Answer
Steven Parker
231,261 PointsThe error recognizes what was being attempted.
Just displaying the login page would certainly save a step towards getting to the desired page, but the issue is that the client was attempting to go directly to the protected page. So displaying the error recognizes the browser's intent, and provides an appropriate response.
Displaying a page other than the one requested, even in the case of an error, could be interpreted by the user as a malfunction of the application, or maybe even a hijacking or attempted identity theft.
The "best practice" here might be: "Always display either the requested page or an error".
Nathan Gallagher
21,518 PointsNathan Gallagher
21,518 PointsThat makes sense. Thanks!
Sebastian H
19,905 PointsSebastian H
19,905 PointsOr even better, combine the two? Respond with a page which shows the error and then a login form underneath.