Forum Discussion

lcravopt's avatar
lcravopt
Icon for Altostratus rankAltostratus
Apr 01, 2025
Solved

Health Check is returning HTTP code 302

Hi, I'm testing a security change that was made in out .NET application, in order for the SessionId to be encrypted. In practice our application has 2 cookies ASP.NET_SessionId and .AUTHTOKEN. Wh...
health check
security
  • lcravopt's avatar
    lcravopt
    Apr 15, 2025

    So, internally, together with the DEV and IT teams, we decided to exclude the page used in the health check from the authentication (code change).

    This way it will stop to be necessary to have the cookies SessionId and AuthToken, thus the GET will return HTTP status code 200.

     

    Thank you for all your help.

lcravopt's avatar
lcravopt
Icon for Altostratus rankAltostratus
Apr 15, 2025

So, internally, together with the DEV and IT teams, we decided to exclude the page used in the health check from the authentication (code change).

This way it will stop to be necessary to have the cookies SessionId and AuthToken, thus the GET will return HTTP status code 200.

 

Thank you for all your help.

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for Nacreous rankNacreous
    Apr 15, 2025

    Can I ask you why you didn't just accepted 302 as valid response to consider that health check successful?

    It's not mandatory to have 200 response.

    In same cases even a 401 would be consider as valid response.

    • lcravopt's avatar
      lcravopt
      Icon for Altostratus rankAltostratus
      Apr 16, 2025

      The reason had to do with the fact that a 200 response is the more "normal" status code and everybody were more confortable with having that response code.