Greetings! Here's my problem: I have a web-based application from which it is possible to log off. The user is authenticated through a .htpasswd file and then he access the system. After that a button is displayed that can log off the user. If he clicks on this, the application does the following: session_unregister() all the session variables and then session_destroy(). Now my problem is, if the user clicks back enough of time or if he manually enter the initial .php page in the url bar, he will reach the initial page where the user is usually authenticated throught he .htpasswd file. At this point the user is accepted automatically and he does not need to re-enter his user/password. I don't want this to be possible, i want the user to enter the user/password again. Is their an apache command to kill the session or some other approach to this problem??? Dominique Paquin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]