[nycphp-talk] Firefox and authentication

Zakir Tariverdiev zakir_tariverdiev at
Sat Jan 31 04:09:34 EST 2009

Perhaps you'll find the answer here:

--- On Fri, 1/30/09, Michele Waldman <mmwaldman at> wrote:
From: Michele Waldman <mmwaldman at>
Subject: [nycphp-talk] Firefox and authentication
To: "'NYPHP Talk'" <talk at>, javascript-7 at, linux-392 at
Date: Friday, January 30, 2009, 9:30 PM


I’m trying to switch from basic authentication to
digest.  I’m working in Firefox, which is why. 


 I’m using mod_auth_mysql for most of the account. 

login.php>        Logged in as Basic 

AuthType Basic 

AuthName "The space" 

require group agroup 


logout.php>      Want to call a script protected by

AuthType Digest 

AuthName "The Space" 

AuthUserFile /home/path/.htpasswd 

Require user nonexistent 



To log off, I’m using:"GET","logout.php",false,
"logoff", "logoff"); 



//* commented out right now 

In the .htaccess file I have: 


In the domain error log I

client used wrong authentication scheme `Basic': /path/force_logout.php,
referer: https://domain/path/ 

Then a popup window opens. 

When I type the wrong
user/password, in the error log I get: 

user `b' in realm `The Space' not found: /path/logout.php, referer: https://domain/path 


Does anyone know how to
switch between authentication type from a script?  I’m was thinking setRequestHeader
would work. 

In phpinfo() on a script in
the same directory, I have: 


HTTP Request GET /path/file

User-Agent Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv: Gecko/2008120122 Firefox/3.0.5  


Keep-Alive 300  

Connection keep-alive  

Cookie PHPSESSID=whatever 

Authorization Digest
username="user", realm="My Site", nonce="value",
uri="script", algorithm=MD5, response="value", qop=auth,
nc=00000001, cnonce="value 


What I’m not sure is
what the server is looking at.  The authorization value in the client
header?  Is that dictating what should happen. Httpd is complaining wrong
Authentication Scheme, which makes me think server side Authenticate header,
which is what I was trying for a while until I realized I was on the client. 

Can I change the headers and
it will work?  Is this the right thing to do? 

I dabbled a little with
setting different Authorization header values. 

But, I need a break and
could use some advice. 




New York PHP User Group Community Talk Mailing List
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the talk mailing list