If I am sending the data via ajax I will use jQuery's .done()
and .fail()
functions. If the login failed for any reason I want to invoke the methods in .fail()
So I will send back a 400 (bad request)
header, otherwise the methods in .done()
would be fired.
But if you were redirecting to a login page with the failed details then yes, a 200 would be appropriate.