HTTP authentication (which is what you're using) is controlled by the
browser. Some browsers even keep the login/password after the window is
closed until the user logs out (Konqueror on Linux for one...)
If you want more control over logins and the ability to do a logout, you
should make your own login scheme using an HTML form for username/password
and setting a cookie to flag that the user is 'logged in'. Then, when the
user wants to log out, clear the cookie and job done :)
--
Shane
On Saturday 15 Dec 2001 5:37 am, J.F.Kishor wrote:
hello all,
I have already posted this mail, Is there anyone to help me out?,
it's urgent plz.!
I have designed a web page using php, as a security measure I have
kept it password protected. I have used Apache authentication, using
htpasswd file. Now I want to keep a logout in this web page, I tried to
send a header request http/1.0 401 Unauthorized to force it to
reauthenticate when the logout link is clicked in the form, but this dose
not work.
I tried using session_destroy() even that does not work.
To get the authenticated users name I have used GetEnv(REMOTE_USER) in
all the form and with that username I'am handling mysql and other
requests. I don't know where exactly the REMOTE_USER gets stored.
So please help me out in this problem. I want to remove the
window's authentication cache.
Please give me some ideas and suggestion to remove the user name and make
the page fresh for the other user to log in.
If possible please send me a sample script.
Thanks for sparing time on this mail.
with hope's,
- JFK
kishor
Nilgiri Networks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]