[PHP-DOC] #37371 [Ver->Csd]: WWW-Authenticate requires commas

Mon, 08 May 2006 16:09:20 -0700 

 ID:               37371
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Verified
+Status:           Closed
 Bug Type:         Documentation problem
 Operating System: n/a
 PHP Version:      Irrelevant
 Assigned To:      simp
 New Comment:

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation
better.

    header('WWW-Authenticate: Digest realm="'.$realm.         
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');

Authentication parameters have to be comma-separated as seen in the
digest example above.



Previous Comments:
------------------------------------------------------------------------

[2006-05-08 22:58:13] [EMAIL PROTECTED]

You're right. RFC 2617 also says so:
"It uses an extensible, case-insensitive token to identify the
authentication scheme, followed by a comma-separated list of
attribute-value pairs which carry the parameters necessary for
achieving authentication via that scheme."

------------------------------------------------------------------------

[2006-05-08 22:46:06] [EMAIL PROTECTED]

Description:
------------
In the Digest example on

http://php.net/features.http-auth

the auth, qop, nonce, and opaque values for the WWW-Authenticate header
are not separated  by commas. 

This works fine for browsers like Firefox, but does not work when
authenticating with Internet Explorer or Opera. So, for maximum
compatability, be sure to separate the key/value pair elements of the
WWW-Authenticate header with commas.

I'm not sure what the RFCs say; I just know what works.

And I think it's strange that the comment I posted with the same
information was deleted -- since it could save someone like me in a
similar situation a lot of pain and frustration until someone on the
Doc team gets around to changing this...



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=37371&edit=1

Reply via email to