php is serverside, PHP_AUTH_USER is set by the client, therfore when you
unset() the serverside instance of PHP_AUTH_USER the client doesnt know
about this and keeps sending the username/pass. the only way I know of is to
re-send the http auth headers and change the domain. this works for me.
Header("WWW-Authenticate: Basic realm='someother-domain' ");
Header("HTTP/1.0 401 Unauthorized");
--
Chris Lee
[EMAIL PROTECTED]
"Eric J Schwinder" <[EMAIL PROTECTED]> wrote in
message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I used a pretty basic system to check HTTP authentication values against
> database values, but I can't seem to find a way to allow the user to log
> out. I tried:
>
> unset($PHP_AUTH_USER)
>
> but Internet Explorer hangs on to that value until all browser windows are
> closed. Is there any way around that?
>
> Thanks,
>
> Eric J Schwinder
> eric.AT.bergencomputing.DOT.com
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
