Welcome to the Treehouse Community
Looking to learn something new?
Nathan Gallagher21,518 Points
Why not just redirect to the login page if a user isn't logged in?
Any particular reason why Dave chose to display an error message instead of just redirecting non-logged in users to the login page when they try to access a password protected page? I'm wondering if there's a certain best practice here.
Steven Parker220,925 Points
The error recognizes what was being attempted.
Just displaying the login page would certainly save a step towards getting to the desired page, but the issue is that the client was attempting to go directly to the protected page. So displaying the error recognizes the browser's intent, and provides an appropriate response.
Displaying a page other than the one requested, even in the case of an error, could be interpreted by the user as a malfunction of the application, or maybe even a hijacking or attempted identity theft.
The "best practice" here might be: "Always display either the requested page or an error".