ID: 11578
User Update by: [EMAIL PROTECTED]
Old-Status: Feedback
Status: Open
Bug Type: HTTP related
Operating system: win32 (nt4 and 2000)
PHP Version: 4.0.5
Description: http header order not respected and messages not transmitted

yes i've tried this second undocumented argument and like i've explained it this solve 
the first part of my problem. but i think that i not explain my problem correctly.
I call some getallheader successivly after have sended my arguments but : it doesn't 
return that i see on the network and if after have written the content of getallheader 
if i do a redirection my code doesn't work (maybe the optimizer change the order of 
the execution ).

Previous Comments:

[2001-06-21 17:58:53] [EMAIL PROTECTED]
Did you try with the 2nd (undocumented before) argument
for header() like Rasmus suggested??
And it still doesn't work? 


[2001-06-21 09:59:22] [EMAIL PROTECTED]
thanks a lot ramus for your help.. the first part of the problem was my fault not the 
php fault.. but... the second part is always not functionnal...
i can obtain the correct headers and response for the ntlm scheme but.. if i do a 
header("location : xxxx"); at the END of the program... the value are not written 
correctly !!
maybe an optimizer miss optimization.....
It strange that on a test without redirection all seems correct but adding instruction 
after the write and the file was closed and flushed this is not functionnal...
thank a lot and sorry to spam you with my little problem. but it's a mission critical 
projet for France Telecom Mobile service (ORANGE) and i prefer using php with linux 
than IIS... i need to prove the possibilities of the open source platform..


[2001-06-21 09:21:45] [EMAIL PROTECTED]
By default PHP's header() function will replace the value
of an http header with the value you give it.  If you don't
want it to replace, but instead add a second header with
a different value, use the optional second arg to header() 
to tell PHP not to do this replace.  So your code should be:

header("www-authenticate: Negociate");
header("www-authenticate: NTLM",0);

I don't blame you for not knowing this though.  It isn't
documented anywhere.  I will take care of that now.


[2001-06-21 01:38:26] [EMAIL PROTECTED]
I currently use the module version of php like indicated in my previous description.
I've separed the ""bug"" in two part to be more understandable (i'm not familiar with 
the first part is with the function header :
if i execute the following code : 
header("HTTP/1.1 401 acces refuse");
header("www-authenticate: Negociate");
header("www-authenticate: NTLM");
(i know this not correct for rfc but IIS work like that..)
and on the network dump i see:
HTTP/1.1 401 unauthorized (not my message !!!)
www-authenticate: NTLM (squizzed the negociate!!)

now the second part of the message : 
during my challenge to obtain ntlm auth 3 messages are exchanged like that : 
c = client ; s = server

1 c -> s GET
2 s -> c http/1.1 401 unauthorized
       www-authenticate : NTLM
3 c -> s authorization: <msg1>
4 s -> c http/1.1 401 unauthorized
       www-authenticate : NTLM <msg2>
5 c -> s authorization: <msg3>

so on the number 2 i do calls to header
on the 3 i call getallheaders (return msg1)
on the 4 i call header
on the 5 i cal getallheaders
i write it to a file (for tests)
i close the file

my first suprise was : on the network layer all is correct : 3 msg, 3 corrects 
contents and the 3 msg differents.
on the php layer : msg1 is the same that msg 3  !!!
if i do a redirection after have closed the file :
it contains no more messages !!!!!!!!
is the optmizer fault ?????
If i'am not clear i can try to reexplain


[2001-06-20 12:14:28] [EMAIL PROTECTED]
Are you using the Apache module version of PHP on Windows
or the standalone CGI binary version?  And what do you 
mean the headers are in the wrong order?  The order of
HTTP headers is not significant.


The remainder of the comments for this report are too long.  To view the rest of the 
comments, please view the bug report online.

Full Bug description available at:

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to