status code login success

The header that the server sends is either the 200 OK or 401 denied status codes on success or failure.

See http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html Section 10.4.2 401 Unauthorized for this.

When sending the 401, the server must send a

WWW-Authenticate = "WWW-Authenticate" ":" 1#challenge

to indicate what scheme should be used to authenticate.

See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html Section 14.47 WWW-Authenticate for this.