Basic HTTP Authentication & PHP-FastCGI

Igor Clark igor at pokelondon.com
Wed Jul 23 14:20:01 MSD 2008


On 23 Jul 2008, at 11:14, Igor Clark wrote:

>> Not necessarily. If you connect to the resource using http://user:pass@domain.com 
>>  those variables are accessible. Authorisation happens within PHP.
>
> Ah, OK. Prepending credentials to the URL simply makes the browser  
> send  the Authorization: header on the first request, but I see from http://php.net/features.http-auth 
>  that, as you say, Apache's mod_php adds PHP_AUTH_USER and  
> PHP_AUTH_PW to PHP's $_SERVER array whenever the Authorization  
> header is presented, whether originating from Apache or PHP. Gotcha.

I mean, whether presented by the browser because of a prior 401 from  
Apache or PHP. Duh.

--
Igor Clark • POKE • 10 Redchurch Street • E2 7DD • +44 (0)20 7749 5355  
• www.pokelondon.com








More information about the nginx mailing list