On 8/27/2013 9:46 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 14:37, Jim Giner <jim.gi...@albanyhandball.com> wrote:
I"m using basic auth for a few of my pages that I want to limit access to -
nothing of a sensitive nature, but simply want to limit access to. Want to
implement a signoff process, but can't figure it out.
From the comments in the manual I take it one can't do this by simply
unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this
doesn't suffice? The signon process expects them to be there, so when they are
not (after the 'unset'), how come my signon process still detects them and
their values?
The global variables you're referring to are just that, global variables;
changing them will have no effect on the browser. Basic Auth was not designed
to allow users to log out, but you can make it happen with some Javascript.
Have your log out link call a Javascript function which sends an XMLHttpRequest
with an invalid username and password. The server will return a 401 which you
ignore and then take the user to whatever URL you want them to see after they
log off. Not pretty, but it works.
-Stuart
Thanks for the timely response!
Before I try your suggestion - one question. Since when is a global
variable not changeable? Doesn't the fact that it reflects a modified
value when I do change it tell me it worked? I change the value to
'xxx' and show it having that value, but when the script is called again
the old value appears. Very confusing!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php