From: tgourrier at hotmail dot com
Operating system: All
PHP version: 4.3.1
PHP Bug Type: HTTP related
Bug description: No way to clear PHP_AUTH_* variables if authorization fails
Description:
------------
When using the:
header('WWW-Authenticate: Basic realm="My Realm"');
mechanism, the PHP_AUTH_* variables are set and there is no way to clear
or unset these variables if the authentication fails.
This is in contrast to the way that external authentication works (with
Apache at least). If external authentication fails, the PHP_AUTH variables
are not set (or at least they are cleared).
There should be some way within PHP to clear these variables if the
authentication is not successful.
--
Edit bug report at http://bugs.php.net/?id=24768&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=24768&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=24768&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=24768&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=24768&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=24768&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=24768&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=24768&r=support
Expected behavior: http://bugs.php.net/fix.php?id=24768&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=24768&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=24768&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=24768&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24768&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=24768&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=24768&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=24768&r=gnused
