What is the appropriate HTTP status code for a password protected page?
If /some-page.html
is protected, the login form is presented on that URL; it doesn't redirect to a dedicated login page.
I was thinking 401 would be suitable, but the RFC states:
The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource.