1

I have a page in PHP that I want no access to except from my application. If there is no session predefined, I send a header location.

Then I thought using

header("HTTP/1.1 401 Unauthorized");
exit();

It all works well and I can add whatever "Unauthorized Message" I want. But why? I can easily not send any header (the default will be 200) and still show my "Unauthorized Message".

What is the point telling the browser the status code if it doesn't do anything?

Edit: I want to explain myself better. It doesn't matter if it's 404, 403 or 500. The browser will not show any message by itself, and if I don't use the exit it will keep rendering the rest of the page. So how does it help me to send the header?

5
  • 2
    If you tell the browser the status code, it will do something, it will tell the user that their access to the page is unauthorised: likewise, it will tell other access methods (such as curl) the same thing.... but you shouldn't simply send a 401 response, but also include a WWW-Authenticate header field containing a challenge applicable to the requested resource Commented Feb 1, 2014 at 22:42
  • Gil, I believe your answer lies inside the .htaccess file. Commented Feb 1, 2014 at 22:42
  • @MarkBaker the header I sent shows a white page, and if I don't use the exit() it will show the rest of the page. Commented Feb 1, 2014 at 22:45
  • @gil - If you send a 401, you should also be sending a WWW-Authenticate header field, perhaps you should be sending a 403 instead, which should include a reason for rejection of the request Commented Feb 1, 2014 at 22:46
  • The header is only a line of data asking the browser to redirect. The rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header command from executing. Commented Feb 1, 2014 at 22:47

1 Answer 1

2

The 401 status code will trigger an authentication popup on client side. (The WWW-Authenticate header is also needed for this...)

Details for example here:

http://en.wikipedia.org/wiki/Basic_access_authentication
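
The 401 challenge described in the answer, as an added example that is not part of the original post: the status line and `WWW-Authenticate` header are what browsers, curl, proxies and crawlers act on, while `exit` is what keeps the protected markup from being rendered. The realm name, user table and password are constructed placeholders, and HTTP Basic over HTTPS is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample user store (assumption): username => password_hash() output.
$users = ['app' => password_hash('example-only-password', PASSWORD_DEFAULT)];

/**
 * Decide the response for one request.
 * Returns [status code, extra header lines, body].
 */
function guard(array $server, array $users): array
{
    // PHP fills these when the web server passes the Authorization header through.
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    $hash = is_string($user) ? ($users[$user] ?? null) : null;

    if (!is_string($pass) || !is_string($hash) || !password_verify($pass, $hash)) {
        // Missing or wrong credentials: 401 plus a challenge. Without the
        // WWW-Authenticate header the browser has nothing to prompt for.
        return [
            401,
            ['WWW-Authenticate: Basic realm="Example App", charset="UTF-8"'],
            "Authentication required.\n",
        ];
    }
    return [200, [], ''];
}

[$status, $headers, $body] = guard($_SERVER, $users);

if ($status !== 200) {
    http_response_code($status);      // what non-browser clients and caches read
    foreach ($headers as $line) {
        header($line);
    }
    header('Cache-Control: no-store'); // keep the refusal out of shared caches
    echo $body;                        // the custom "Unauthorized" message
    exit;                              // stop here: nothing below is sent
}

// Protected content starts here; it is reached only after a successful check.
echo "Welcome, " . htmlspecialchars($_SERVER['PHP_AUTH_USER'], ENT_QUOTES) . "\n";
```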
