Basic HTTP Authentication & PHP-FastCGI

Igor Clark igor at
Wed Jul 23 14:20:01 MSD 2008

On 23 Jul 2008, at 11:14, Igor Clark wrote:

>> Not necessarily. If you connect to the resource using 
>>  those variables are accessible. Authorisation happens within PHP.
> Ah, OK. Prepending credentials to the URL simply makes the browser  
> send  the Authorization: header on the first request, but I see from 
>  that, as you say, Apache's mod_php adds PHP_AUTH_USER and  
> PHP_AUTH_PW to PHP's $_SERVER array whenever the Authorization  
> header is presented, whether originating from Apache or PHP. Gotcha.

I mean, whether presented by the browser because of a prior 401 from  
Apache or PHP. Duh.

Igor Clark • POKE • 10 Redchurch Street • E2 7DD • +44 (0)20 7749 5355  

More information about the nginx mailing list