On Wednesday 22 June 2005 13:32, Adam Prime x443 wrote: > Ideally, you expire the session on the server (ie, in the DB), rather than > by removing the cookie. > > Common hacks people use to remove cookies are setting the expiry in the > past, or to +1s, or simply to put invalid content into the cookie, which > your auth mechanism will subsequently disregard.
There is no cookie, this is basic auth we're talking about.
