Correct HTTP status code for resource which requires authorization

太阳男子 2021-01-29 23:51

There seems to be a lot of confusion about the correct HTTP status code to return if the user tries to access a page which requires the user to log in.

So basically what

8 answers
  •  栀梦 (original poster)
    2021-01-30 00:39

    Your Answer:

    401 Unauthorized especially if you do not care or will not be redirecting people to a login page

    -or-

    302 Found to imply there was the resource but they need to provide credentials to be returned to it. Do this only if you will be using a redirect and make sure to provide appropriate information in the body of the response.


    Other Suggestions:

    401 Unauthorized is generally used for resources the user does not have access to after handling authentication.

    403 Forbidden is a little obscure to me in honesty. I use it when I lock down resources from the file system level, and like your post said, "authorization does not help".

    400 Bad Request is inappropriate as needing to log in does not represent malformed syntax.
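
The two options from the answer above, as an added example that is not part of the original post: the 401 carries the `WWW-Authenticate` challenge that HTTP requires with that status, and the 302 carries a return target restricted to a same-site path so the login redirect cannot be pointed at another host. `LOGIN_PATH`, `REALM`, the `next` parameter, the `Bearer` scheme and both function names are assumptions made for the illustration.

```python
from urllib.parse import quote, urlsplit

LOGIN_PATH = "/login"   # assumed login route
REALM = "example"       # assumed realm name for the challenge


def safe_return_path(target):
    """Accept only a same-site absolute path as the post-login return target."""
    if not target or not target.startswith("/") or target.startswith("//"):
        return "/"      # relative, absolute-URL or scheme-relative input
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return "/"      # backslashes and control characters confuse URL parsers
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return "/"
    return target


def unauthenticated_response(path, accept, redirect_to_login):
    """Return (status, headers, body) for a request without valid credentials."""
    wants_html = "text/html" in accept
    if redirect_to_login and wants_html:
        # Option 2 in the answer: 302 to a login page, with the originally
        # requested path carried along so the user can be returned to it.
        location = f"{LOGIN_PATH}?next={quote(safe_return_path(path), safe='')}"
        body = f"Login required. Continue at {location}"
        return "302 Found", [("Location", location)], body
    # Option 1 in the answer: plain 401, no redirect. A 401 response must
    # include at least one WWW-Authenticate challenge.
    headers = [("WWW-Authenticate", f'Bearer realm="{REALM}"')]
    return "401 Unauthorized", headers, "Authentication required."


if __name__ == "__main__":
    # Constructed sample requests: (path, Accept header, redirect enabled)
    samples = [
        ("/reports/7?tab=a", "text/html,application/xhtml+xml", True),
        ("/api/items", "application/json", True),
        ("//other-host.example/x", "text/html", True),
    ]
    for sample in samples:
        print(sample[0], "->", unauthenticated_response(*sample)[:2])
```

The login handler should run `safe_return_path` again on the `next` value it receives, since that parameter arrives from the client.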
