> >However, if you want more control over the authentication process I suggest
> >making your own login form and using cookies, instead of HTTP
> >authentication. Then you can log users out just by unsetting the cookie(s).
>
>This is how I will wind up going, EXCEPT the users will be required to
>click "logout", since merely closing the browser, in IE5.5, does not seem
>to clear the user/password from the browser's memory, NOR does it clear
>any session cookie. Again, works fine in other browsers, per spec.
I tried to read up on this thread before responding, so please excuse me if
I don't know all the facts. Have you tried using PHP's sessions to track
user logins? If cookies are available, it takes advantage of them. If
not, a session tracking variable is automatically appended to the url.
For my own web site, I register a session variable. For my situation, it
happens to be an array, but you may not need this.
if (! IsSet($user) ) {
$user = array();
session_register("user");
$user["Username"] = "Guest";
}
From there, present the visitor with a login form. Process the login form
and set the $user["Username"] variable after you've confirmed their
login. If you want them to log out, they click a link taking them to a
page that sets the variable back to $user["Username"] = "Guest". Best of
all, if they close their browser, the browser session is lost.
That setup allows people to work at a computer, logout of the web site, and
allow someone else to login. Or, they can just close the browser window
and let someone else sit down to open a new browser window and login.
There's one thing you'll want to keep in mind, in case you don't already
know it. Each browser window you spawn from the original uses the same
session. If you login and then press CTRL-N to open additional windows,
they will all use the same session. Of course, the way around this is to
just run separate copies of the program to gain additional windows.
Another thing of note, in case it will help, I'm using IE5.5 and don't
experience the problems you've described.
-Ed
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
