Posted by yawnmoth on 12/21/07 19:58

When the server sends out a WWW-Authenticate header combined with a
401 response code, you get prompted for a username / password.

On some servers, this username and password are then saved in
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']. On others,
however, they aren't. So why, on these servers, isn't the value saved
in $_SERVER['HTTP_AUTHORIZE']? The authorize header in the HTTP
response is the header that contains the info that, anyway.

eg. Authorization: Basic YXNkZjphc2Rm

....which base64_decode()'s to 'asdf:asdf'.

It seems that most any header in the HTTP request is added to $_SERVER
via HTTP_* (even made up ones), so why is Authorize different?

• Next in forum: Re: Would you stop for a moment?!
• Prev in forum: Re: Will the code be much different if requirement on the number of maximum concurrent visitors is greatly different?
• Thread view: PHP_AUTH_* and HTTP_AUTHORIZATION?

[Reply to this message]