Different redirect (HTTP response) status codes and how browsers (should) react (301 vs 302 vs 303 vs 307)
This is a quick post about the difference between these HTTP response status codes. The difference is subtle; however, when doing something like SSO (my last project), it can be substantial.
[1]. The 301 response
GET https://www.gmail.com/ HTTP/1.1
HTTP/1.1 301 Moved Permanently
Location: https://mail.google.com/mail/
301 tells the browser that the resource at the URI has moved permanently to a new location, typically the value of the 'Location' response header. The browser makes a new request to that location, and subsequently it will NOT make another request to the original link (even if the user types it manually in the address bar), in this case https://www.gmail.com; instead, it will always make the call to https://mail.google.com/mail/
[2]. The 302 response
GET https://mail.google.com/mail/ HTTP/1.1
HTTP/1.1 302 Moved Temporarily
Location: https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
302 tells the browser that the resource at the URI has moved temporarily. The browser will redirect to the new location this time ONLY. The next time a request is made to the original URI, the browser will in fact hit the original URI.
[3]. The 303 response
GET / HTTP/1.1
Host: www.example.com
HTTP/1.1 303 See Other
Location: https://example.org/other
303 is almost the same as 302; the only difference is that it tells the browser to make the second request using the GET verb, so even a POST will be converted to a GET.
[4]. The 307 response
GET / HTTP/1.1
Host: www.example.com
HTTP/1.1 307 Temporary Redirect
Location: https://example.org/other
This is the same as 302, except that it tells the browser that the next request should be made with the same verb as the original, in this case GET. In other words, even a POST to the original link should be redirected as a POST to the new link.
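The method handling described in [3] and [4], as an added example that is not part of the original post: a small model of how a browser builds the follow-up request when a form POST is redirected. The 301/302 POST-to-GET rule follows the WHATWG Fetch standard rather than anything stated above; `followRedirect`, `loginPost` and the form values are hypothetical names and constructed data.

```javascript
// Added example: models how a browser builds the follow-up request after a
// redirect. Method rules follow the WHATWG Fetch standard (an assumption beyond
// the post); followRedirect and the sample request are hypothetical/constructed.
function followRedirect(request, response) {
  const { status, location } = response;
  // 308 is not covered in the post; it keeps the method like 307.
  if (![301, 302, 303, 307, 308].includes(status) || !location) {
    return null; // not a redirect the client follows
  }
  // Location may be relative, so resolve it against the requested URL.
  const from = new URL(request.url);
  const target = new URL(location, from);

  // 303 switches any method except GET/HEAD to GET; 301 and 302 switch POST
  // to GET in browsers; 307 keeps both the method and the body.
  const toGet =
    (status === 303 && !["GET", "HEAD"].includes(request.method)) ||
    ((status === 301 || status === 302) && request.method === "POST");

  const next = {
    method: toGet ? "GET" : request.method,
    url: target.href,
    body: toGet ? null : (request.body ?? null),
  };
  // Review check: a preserved body that leaves the original origin means the
  // form data (on an SSO flow, credentials or a token) is re-sent to another host.
  next.bodyCrossesOrigin = next.body !== null && target.origin !== from.origin;
  return next;
}

// Constructed sample: a login form POST answered with each status in turn.
const loginPost = {
  method: "POST",
  url: "https://www.example.com/login",
  body: "user=alice&password=constructed-sample",
};

function demo() {
  return [301, 302, 303, 307].map((status) => {
    const next = followRedirect(loginPost, { status, location: "https://example.org/other" });
    return `${status}: ${next.method} ${next.url} body=${next.body !== null} ` +
      `crossOrigin=${next.bodyCrossesOrigin}`;
  });
}

console.log(demo().join("\n"));
```

Of the four cases, only the 307 re-sends the form body to example.org, which is the one to look for when reviewing redirects on an SSO login path.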