When a user is not allowed to view a page, what happens is they get shown the login page instead of the page they asked for, but the URL stays the same:
This means that to search-engine robot it will look like there are multiple pages with the same content (the login page content) and that they associate the wrong content with each of those URL.
It seems to me that it would be more correct, and possibly better SEO, if a user was redirected to login and then redirected back:
On that page they suggest that best practice is to just send a 401 header with the login form content, which makes sense to me, since clearly Google can then correctly surmise that it doesn't have permission to access that page's actual content. Ah! I think. This must be what Umbraco is doing! Bravo!
Back to Umbraco, check the header - ALAS - login page is served with 200 - OK, but still shows login form.
Is there any way to change this? I am more certain now that I need one solution or the other - either server a 401 unauthorized header or at least redirect to login page and back again.
Redirect unauthenticated users to Login page and change URL?
When a user is not allowed to view a page, what happens is they get shown the login page instead of the page they asked for, but the URL stays the same:
http://example.com/members-home // shows login form
This means that to search-engine robot it will look like there are multiple pages with the same content (the login page content) and that they associate the wrong content with each of those URL.
It seems to me that it would be more correct, and possibly better SEO, if a user was redirected to login and then redirected back:
http://example.com/members-home -> http://example.com/login?goto=members-home
// Login
http://example.com/login?goto=members-home -> http://example.com/members-home
Is there any simple way to achieve this alternative behaviour in Umbraco?
So I found myself wondering if it was possible to return an "unauthorized" header and then redirect to a login page, which took me here:
http://stackoverflow.com/questions/8775593/is-it-possible-to-send-a-401-unauthorized-and-redirect-with-a-location
On that page they suggest that best practice is to just send a 401 header with the login form content, which makes sense to me, since clearly Google can then correctly surmise that it doesn't have permission to access that page's actual content. Ah! I think. This must be what Umbraco is doing! Bravo!
Back to Umbraco, check the header - ALAS - login page is served with 200 - OK, but still shows login form.
Is there any way to change this? I am more certain now that I need one solution or the other - either server a 401 unauthorized header or at least redirect to login page and back again.
Okay so I worked out how to manually change the status code:
// Login.master <script runat="server"> protected void Page_Load(object sender, EventArgs e) { Context.Response.StatusCode = 401; } </script>I still think this should be default behaviour in Umbraco though.
is working on a reply...