This is not really a Jersey question but a general REST question. I would be happy if someone wants to suggest a different place to pose the question, but I'm starting here. Anyway, here it is:
I have a URL like this: ws/savedCriteria that will return a different result depending on who is authenticated, which is a problem whether I store the authentication in a session or not. I would like to fix this in a backward-compatible way. I'm not firm on the new URL - but say it's ws/users/{userid}/config/savedCriteria.
When an older client makes a request to ws/savedCriteria with an authenticated user = foouser, should I return a 301 with ws/users/foouser/config/savedCriteria? Every distinct user who requests ws/savedCriteria will be redirected to a different URL, so a "Moved Permanently" seems not quite right. However, 302 implies moved temporarily, which is also wrong. 303 looks technically correct since the RFC says, "The new URI is not a substitute reference for the originally requested resource. The 303 response MUST NOT be cached, but the response to the second (redirected) request might be cacheable." However, I have never seen 303 used this way.
Does anyone have any thoughts on this?
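
The 303 option weighed in the post above, sketched as an added example that is not part of the original message and is not Jersey code. The function `handle`, the `SAVED` sample data, the leading-slash paths and the 401/403 behaviour are assumptions of the example; it shows the redirect target being derived only from the authenticated identity, the redirect marked uncacheable, and the per-user URL refusing a caller whose identity does not match the `{userid}` segment.

```python
import re
from urllib.parse import quote, unquote

LEGACY_PATH = "/ws/savedCriteria"
USER_PATH = re.compile(r"^/ws/users/([^/]+)/config/savedCriteria$")

# Constructed sample data standing in for the real store (assumption).
SAVED = {"foouser": ["status=open"], "baruser": ["owner=bar"]}


def handle(path, auth_user):
    """Handle a GET; auth_user is the already-authenticated name or None.

    Returns (status, headers, body).
    """
    if auth_user is None:
        return 401, {"WWW-Authenticate": 'Basic realm="ws"'}, None

    if path == LEGACY_PATH:
        # Build the target from the authenticated identity only, never from
        # request input, and percent-encode it so a name containing "/"
        # cannot change the path structure.
        target = "/ws/users/%s/config/savedCriteria" % quote(auth_user, safe="")
        # The redirect differs per user, so no cache may store it.
        return 303, {"Location": target, "Cache-Control": "no-store"}, None

    match = USER_PATH.match(path)
    if match:
        owner = unquote(match.group(1))
        # The user id is now in the URL, so it is client-controlled: the
        # server must check it against the authenticated user on every call.
        if owner != auth_user:
            return 403, {"Cache-Control": "no-store"}, None
        # "private" keeps shared caches from storing one user's data.
        return 200, {"Cache-Control": "private"}, SAVED.get(owner, [])

    return 404, {}, None


if __name__ == "__main__":
    status, headers, _ = handle(LEGACY_PATH, "foouser")
    print(status, headers["Location"])
    print(handle(headers["Location"], "foouser"))
    print(handle(headers["Location"], "baruser")[0])
```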