Does anybody have any ideas on how I can prevent caching of 
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], or clear them?

I currently have a restricted area on the site I'm currently designing 
and all works well until I log out.

When I log out I successfully destroy the session and the cookie and I'm 
refused access to all pages until I browse back to the page that 
processes my login to the restricted area.  I am then forwarded into the 
admin area as if I had logged in and my cookie and session have both 
been recreated.

Here is my current log out script:

session_start();
$_SESSION=array();
unset($_COOKIE[session_name()]);
$_SERVER['PHP_AUTH_USER']="loggedoutforgood";
$_SERVER['PHP_AUTH_PW']="loggedoutforgood";
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
session_destroy();
?>
<META http-equiv="refresh" content="0; URL=http://<? 
echo($_SERVER['HTTP_HOST']); ?>">

As you can see I have tried to modify the values for 
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] as well as trying 
to delete the values associated to them by using unset.  I am now out of 
ideas, can anybody offer any suggestions ?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to