header() problem 401 Unauthorized

fotakis

Hello people,
I have looked all over the forums with help about this, and I am in a dead end, I am suppose to deliver in 3 days and look where I am stuck, header(HTTP/1.0 401 Unauthorized) doesn't work in apache!!

I am definately doing something wrong, so I decided to redirect the user to some page called sorry.html when they are not authorized to view a page. But what are the security concerns in this?

I would be really happy if someone could please tell me how to produce the 401 header correctly, or to give me an alternative!!!

Thank you in advance!
Fotis

Anon

Perhaps you can be more specific as to how it's not working.. like, telling us what error you get.

If you're getting a parse error, don't forget the quotation marks: header("blahblah");

:-)

fotakis

Yes in the code I have header("HTTP/1.0 401 Unauthorized") but I don't think that that is the problem.

All I want to do is to sent and 401 Unathorized header correctly, can anyone help?

Anon

well I am not sure if you ever got your answer, but you will not see the header in the browser, in fact the browser will not react to the header in the way you are thinking, unless you are using friendly errors in IE.

The browser will still read the page, apache doesn't automatically generate the proper error page, you have to do that.

This has been my experience anyways.

Just for clarity:

<?php
header("HTTP/1.0 401 Unauthorized");

echo "hello";
?>

will show up in the browser as:

hello

so it is up to the script to generate the proper message to coorspond with the error.

For futher proof I built a reader to read the head and the body and this is what the script above returned to my reading script.

HTTP/1.1 401 Authorization Required
Date: Fri, 25 May 2001 02:52:06 GMT
Server: Apache/1.3.12 (Unix) PHP/4.0.3pl1
X-Powered-By: PHP/4.0.3pl1
Connection: close
Content-Type: text/html

hello

so the code works it just didn't effect the browsers behavior.

Jay
<http://www.shoutclub.com>