[PHP-DOC] #37371 [Ver->Csd]: WWW-Authenticate requires commas :: ASPN Mail Archive

Recent Messages
List Archives
About the List
List Leaders
Subscription Options

View Subscriptions
Help

View by Topic
ActiveState
.NET Framework
Open Source
Perl
PHP
Python
Tcl
Web Services
XML & XSLT

View by Category
Database
General
SOAP
System Administration
Tools
User Interfaces
Web Programming
XML Programming

MyASPN >> Mail Archive >> phpdoc

phpdoc

[PHP-DOC] #37371 [Ver->Csd]: WWW-Authenticate requires commas
by simp other posts by this author
May 8 2006 4:09PM messages near this date

[PHP-DOC] #37371 [NEW]: WWW-Authenticate requires commas | [PHP-DOC] #37371 [Opn->Ver]: WWW-Authenticate requires commas

ID:               37371
 Updated by:       simp@[...].net
 Reported By:      cyberscribe@[...].net
-Status:           Verified
+Status:           Closed
 Bug Type:         Documentation problem
 Operating System: n/a
 PHP Version:      Irrelevant
 Assigned To:      simp
 New Comment:

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation
better.

    header('WWW-Authenticate: Digest realm="'.$realm.         
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');

Authentication parameters have to be comma-separated as seen in the
digest example above.



Previous Comments:
------------------------------------------------------------------------

[2006-05-08 22:58:13] simp@[...].net

You're right. RFC 2617 also says so:
"It uses an extensible, case-insensitive token to identify the
authentication scheme, followed by a comma-separated list of
attribute-value pairs which carry the parameters necessary for
achieving authentication via that scheme."

------------------------------------------------------------------------

[2006-05-08 22:46:06] cyberscribe@[...].net

Description:
------------
In the Digest example on

http://php.net/features.http-auth

the auth, qop, nonce, and opaque values for the WWW-Authenticate header
are not separated  by commas. 

This works fine for browsers like Firefox, but does not work when
authenticating with Internet Explorer or Opera. So, for maximum
compatability, be sure to separate the key/value pair elements of the
WWW-Authenticate header with commas.

I'm not sure what the RFCs say; I just know what works.

And I think it's strange that the comment I posted with the same
information was deleted -- since it could save someone like me in a
similar situation a lot of pain and frustration until someone on the
Doc team gets around to changing this...



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=37371&edit=1

Thread:

Cyberscribe@Php.Net

simp