Basic HTTP Authentication & PHP-FastCGI
Igor Clark
igor at pokelondon.com
Wed Jul 23 14:20:01 MSD 2008
On 23 Jul 2008, at 11:14, Igor Clark wrote:
>> Not necessarily. If you connect to the resource using http://user:pass@domain.com
>> those variables are accessible. Authorisation happens within PHP.
>
> Ah, OK. Prepending credentials to the URL simply makes the browser
> send the Authorization: header on the first request, but I see from http://php.net/features.http-auth
> that, as you say, Apache's mod_php adds PHP_AUTH_USER and
> PHP_AUTH_PW to PHP's $_SERVER array whenever the Authorization
> header is presented, whether originating from Apache or PHP. Gotcha.
I mean, whether presented by the browser because of a prior 401 from
Apache or PHP. Duh.
--
Igor Clark • POKE • 10 Redchurch Street • E2 7DD • +44 (0)20 7749 5355
• www.pokelondon.com
More information about the nginx
mailing list