On 27 Aug 2013, at 14:37, Jim Giner <jim.gi...@albanyhandball.com> wrote:
> I"m using basic auth for a few of my pages that I want to limit access to - > nothing of a sensitive nature, but simply want to limit access to. Want to > implement a signoff process, but can't figure it out. > > From the comments in the manual I take it one can't do this by simply > unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this > doesn't suffice? The signon process expects them to be there, so when they > are not (after the 'unset'), how come my signon process still detects them > and their values? The global variables you're referring to are just that, global variables; changing them will have no effect on the browser. Basic Auth was not designed to allow users to log out, but you can make it happen with some Javascript. Have your log out link call a Javascript function which sends an XMLHttpRequest with an invalid username and password. The server will return a 401 which you ignore and then take the user to whatever URL you want them to see after they log off. Not pretty, but it works. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
