HTTP error code when session token expires

After login to the web site there is a token valid for 15 minutes. In this time you are able to work on the side. After this 15 minutes the session token gets invalid. Which HTTP error code is correct? Actually we are using the 404 error code is this correct?
1 answer

In this case the error code 401 Unauthorized will be the right HTTP error code, because the existing session token doesn't authorize you any more. Sending the error code 404 is incorrect, because the resource still exists but you aren't currently authorized to see it. Actually a session token is only a shortcut to avoid providing credentials for every request.