|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #2727 Incorrect 401 Status Manipulation
Submitted: 1999-11-15 20:20 UTC Modified: 1999-11-16 00:35 UTC
From: mike at vservers Assigned:
Status: Closed Package: Other
PHP Version: 4.0 Beta 2 OS: BSDI 4.01
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: mike at vservers
New email:
PHP Version: OS:


 [1999-11-15 20:20 UTC] mike at vservers
Using Apache 1.3.1 and PHP 4.0b2:

If there's an Apache directive for a custom 401 authorization required) error page, and that error page file is a PHP file type, the PHP handler parses through the file and then changes the request status from 401 to 200.  

The result of this is that if you have a PHP enhanced 401 error page, PHP prevents your browser from requesting a password because it changes the request status from a 401 to a 200. 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [1999-11-16 00:35 UTC] sas at cvs dot php dot net
Add a 

header("HTTP/1.0 401 Unauthorized");

to your script and it should work.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jun 25 01:01:28 2024 UTC