Posted by TS Moderator1 on 07/02/07 03:48

Here is an example from the PHP Manual

<?php

if ((!isset($_SERVER['PHP_AUTH_USER'])) || (1==1)) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</
p>";
}
?>

Questions.

1. This is a status code not a header, right? => header('HTTP/1.0
401 Unauthorized');

2. According to the change log in the PHP manual, starting with 4.4.2
and 5.1.2 the header function now prevents more than one header to be
sent at once as a protection against header injection attacks. Does
this mean if I make multiple header calls the headers will be sent in
multiple response messages to the browser? Is this allowed? Can a
server send multiple response messages to one request?]

3. If you hit the "cancel" button on the browser user name/password
request dialog (as alluded to in the code snippet above), what message
does the browser send to the server.

[Back to original message]