|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73936 Certain special header() calls wrongly prevent connection from closing
Submitted: 2017-01-14 18:38 UTC Modified: -
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: markamery at btinternet dot com Assigned:
Status: Open Package: Apache2 related
PHP Version: Irrelevant OS: Ubuntu
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-01-14 18:38 UTC] markamery at btinternet dot com
Running under mod_php, calling

    header('HTTP/1.1 200 OK');

seems to prevent the connection from being closed once the PHP script finishes. This can be demonstrated by, for instance, hitting the script with ab (the Apache benchmark tool), which (unlike most HTTP clients, including browsers) only considers a request to have finished once the connection is closed, rather than when Content-Length bytes have been received. describes this case in more detail.


    header('http/1.1 200 OK');

does not have the same effect, despite producing a character-for-character identical HTTP response (as can be observed with `curl -i --raw`).

Test script:

header('HTTP/1.1 200 OK');

Expected result:
Unless `Connection: keep-alive` is specified in the request, the connection should close once the PHP script finishes. In particular, the behaviour should be identical to other calls with the same meaning, like




        header('http/1.1 200 OK')

Actual result:
The connection does not close, and the alternate scripts suggested above have different behaviours to the test script.


Add a Patch

Pull Requests

Add a Pull Request

PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Sep 25 04:03:37 2021 UTC