At 03:41 PM 2/1/02 -0800, Lazor, Ed wrote:
>Even with a javascript function opening a new window and closing the old?
>
>-----Original Message-----
>From: Matthew Walker [mailto:[EMAIL PROTECTED]]
>Sent: Friday, February 01, 2002 3:42 PM
>
>I've done some investigating on my own. There is no way to do this.
>Period.

It's not QUITE as impossible as this, but nearly.  You can give the browser a new 
challenge, and hope that it will clear the old username/password information that it's 
memorizing for the session.  But I have found that certain combinations in certain 
browsers can subvert any such techniques.  Thus, only quitting the browser entirely 
will force the browser to forget the authentication information.  HOWEVER, certain 
users with IE 5 on the Mac have reliably reported that even quitting the browser 
doesn't work for them, but they instead have to restart their machines.

(The HTTP specification mentions nothing about logout functionality.)

Thus, if logging out is important to your application, then using browser-based 
authentication is not an acceptable solution.  You'll have to use session management 
and build your own login screen.  (Or, of course, reuse an existing one from one of 
the many good public libraries.)

- Ken
[EMAIL PROTECTED]

>-----Original Message-----
>From: Aras Kucinskas [mailto:[EMAIL PROTECTED]] 
>Sent: Thursday, January 31, 2002 10:39 AM
>To: [EMAIL PROTECTED]
>Subject: [PHP] PHP and Apache authorization: how to logout. Help!
>
>My site is in directory which is protected with .htaccess file.
>I want to develope a logout function, which can reset Apache
>authorization.
>
>What to do?
>HTTP header...
>unset $PHP_AUTH_USER ...
>
>Any suggestions


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to