Some basics here, forgive me if seems too simple. "Logging out" is required when an active, continuously checked connection is maintained between one machine and another in order to free up the connection for use again. Neither the Web Browser or the Apache server maintains these kinds of connections, so logging out is theoretically unnecessary. When apache servers up a web page for you, it then "forgets" all about your visit and could care less if you come back for another page, basically logging you out after every page.
This poses problems for PHP application implementers, when the application needs to "remember" what you entered two pages ago to satisfy a request on the current page. This is typically solved by using sessions where a special encrypted key is passed to your browser to be passed back to the server with each request for a page. This allows the application to "remember" information about the pages you have been to and forms you have filled out, by saving information under this key on the servers local storage devices and looking it up again as needed. This key that is passed with each request from the browser to the server then acts as the identifier of a continuous connection (your session) and each new visitor is assigned their own key. There are basically two ways to loose track of this connection; 1) destroy the key at the browser, often done by closing the browser, but this can be overridden and 2) destroying the record of "remembered" information stored under the session key on the server. The risk in all this is that if someone else copies the session key from your browser and installs it in their browser, they now have access to all the "remembered" information. One safeguard against this is to automatically removes session stores of information after some small amount of inactive time. Another safeguard is to have the visitor to your site actively indicate that they are through, and remove the session stored data, and the key from the browser under PHP control (see kill_session()) in the reference below). http://www.php.net/manual/en/features.http-auth.php http://www.php.net/manual/en/features.cookies.php http://www.php.net/manual/en/ref.session.php Technically this is not the same kind of logout that was more prevalent in days of old, but I may feel the same. hope this helps, Warren Vail -----Original Message----- From: Firman Wandayandi [mailto:[EMAIL PROTECTED] Sent: Thursday, March 18, 2004 11:43 AM To: Labunski Cc: PHP-GEN Subject: Re: [PHP] How to LogOut ? Hi Labunski, You couldn't logout, except you close your browser. Anyone please correct me. Regards, Firman ----- Original Message ----- From: "Labunski" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 19, 2004 2:08 AM Subject: [PHP] How to LogOut ? > I made Login page using http auth method ($PHP_AUTH_USER), and it's workong > fine. > But how to LogOut user? > > > Thanks for all the answers. > Lab. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
