Does anybody have any ideas on how I can prevent caching of $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], or clear them?
I currently have a restricted area on the site I'm currently designing and all works well until I log out. When I log out I successfully destroy the session and the cookie and I'm refused access to all pages until I browse back to the page that processes my login to the restricted area. I am then forwarded into the admin area as if I had logged in and my cookie and session have both been recreated. Here is my current log out script: session_start(); $_SESSION=array(); unset($_COOKIE[session_name()]); $_SERVER['PHP_AUTH_USER']="loggedoutforgood"; $_SERVER['PHP_AUTH_PW']="loggedoutforgood"; unset($_SERVER['PHP_AUTH_USER']); unset($_SERVER['PHP_AUTH_PW']); session_destroy(); ?> <META http-equiv="refresh" content="0; URL=http://<? echo($_SERVER['HTTP_HOST']); ?>"> As you can see I have tried to modify the values for $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] as well as trying to delete the values associated to them by using unset. I am now out of ideas, can anybody offer any suggestions ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
