scubak1w1 wrote:

I have a series of web sites which use https:// authentication (using AD integration to 'check the credentials' as it were) - all seems to be working well..

I have been Googling et al. for a way to log the user off the site "fully"...

I can do a series of things on the server side per Dreamweaver's Server Behaviour / User Authentication | Log Out User, etc - but the client's browser cache (?) still keeps the credentials, and so ifthey return to the site (say, with their back button) they can get right back in...

Sounds like you are not properly expiring the session.
The only login credentials that ever should be stored with the client is a session id.

Expire the session id - and the session ID in their cookie becomes completely meaningless.

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to