Greetings!
Here's my problem:
I have a web-based application from which it is possible to log off.
The user is authenticated through a .htpasswd file and then he access the
system. After that a button is displayed that can log off the user. If he
clicks on this, the application does the following:
session_unregister() all the session variables and then
session_destroy().
Now my problem is, if the user clicks back enough of time or if he manually
enter the initial .php page in the url bar, he will reach the initial page
where the user is usually authenticated throught he .htpasswd file. At this
point the user is accepted automatically and he does not need to re-enter
his user/password.
I don't want this to be possible, i want the user to enter the user/password
again. Is their an apache command to kill the session or some other
approach to this problem???
Dominique Paquin
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
