On 27 Aug 2013, at 15:06, Jim Giner <jim.gi...@albanyhandball.com> wrote:
> > On 8/27/2013 9:46 AM, Stuart Dallas wrote: >> On 27 Aug 2013, at 14:37, Jim Giner <jim.gi...@albanyhandball.com> wrote: >> >>> I"m using basic auth for a few of my pages that I want to limit access to - >>> nothing of a sensitive nature, but simply want to limit access to. Want to >>> implement a signoff process, but can't figure it out. >>> >>> From the comments in the manual I take it one can't do this by simply >>> unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why >>> this doesn't suffice? The signon process expects them to be there, so when >>> they are not (after the 'unset'), how come my signon process still detects >>> them and their values? >> >> The global variables you're referring to are just that, global variables; >> changing them will have no effect on the browser. Basic Auth was not >> designed to allow users to log out, but you can make it happen with some >> Javascript. >> >> Have your log out link call a Javascript function which sends an >> XMLHttpRequest with an invalid username and password. The server will return >> a 401 which you ignore and then take the user to whatever URL you want them >> to see after they log off. Not pretty, but it works. >> >> -Stuart >> > Thanks for the timely response! > > Before I try your suggestion - one question. Since when is a global variable > not changeable? Doesn't the fact that it reflects a modified value when I do > change it tell me it worked? I change the value to 'xxx' and show it having > that value, but when the script is called again the old value appears. Very > confusing! I didn't say you couldn't change it, I said doing so will have no effect on the browser. It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart [1] The one exception to this is $_SESSION, but it's important to know how that works. The $_SESSION array is populated when you call session_start(). It's loaded from some form of storage (files by default) and unserialised in to $_SESSION. When the session is closed, either implicitly by the request ending or by a call to one of the methods that explicitly do it, the contents are serialised to the storage system. Once closed, any changes to $_SESSION will not be stored; it becomes just another superglobal (not that it was ever anything else). -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php