I just mentioned that as an example.

For this authentication the server sends an Authorization header.
The client's browser requests the credentials from the user and saves them in RAM.
Now the client's browser sends the credentials to the server.
And what's important: the browser sends the credentials in each further request from now on. So the browser stores the username and password for the session in RAM, and they can't be changed or deleted from the server's side. In fact, the authorization works similarly to cookies, with the difference that cookies can be set server-side and the HTTP authorization can't. That's the reason why you can't unset the invalid credentials: once entered, the browser will send them in each request; it doesn't matter what the server does.

I hope you understood what I mean...

On 10.06.2013 at 23:14, Jim Giner <jim.gi...@albanyhandball.com> wrote:

On 6/10/2013 4:33 PM, Julian Wanke wrote:
I think that the problem here is that the unset of the
$_SERVER["PHP_AUTH_USER"] variable is not affecting the client's browser.
If you've got a directory protection, the browser needs a restart to
show the login dialog before.
I may be wrong because I'm using forms normally, but the authentication
cannot be reset so easily...

No - I think you misunderstood. I am NOT using directory protection, hence my attempt at using this method.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
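
The exchange discussed in this thread, as an added example that is not code from any of the posters: a PHP CLI simulation in which the server handler unsets its own copy of PHP_AUTH_USER while a browser-like cache replays the Authorization header on the next request. The functions handle() and browse(), the realm and the credentials are constructed for illustration.

```php
<?php
// Added example: CLI simulation of the Basic auth exchange (all names constructed).
const REALM = 'demo';
const USERS = ['jim' => 's3cret']; // constructed credentials

// Server side: one stateless request. Returns [status, response headers].
function handle(array $headers): array
{
    $server = [];
    // PHP derives PHP_AUTH_USER / PHP_AUTH_PW from the Authorization
    // header of the current request, every time one arrives.
    if (preg_match('/^Basic\s+(\S+)$/i', $headers['Authorization'] ?? '', $m)) {
        $decoded = base64_decode($m[1], true);
        if ($decoded !== false && strpos($decoded, ':') !== false) {
            [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']] = explode(':', $decoded, 2);
        }
    }
    $user = $server['PHP_AUTH_USER'] ?? '';
    $ok = array_key_exists($user, USERS)
        && hash_equals(USERS[$user], $server['PHP_AUTH_PW'] ?? '');
    // "Logout" attempt: this clears only the server's copy for this request.
    unset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']);
    return $ok ? [200, []] : [401, ['WWW-Authenticate' => 'Basic realm="' . REALM . '"']];
}

// Client side: a browser-like cache that replays credentials per realm.
function browse(array &$cache, ?string $typed = null): int
{
    $headers = isset($cache[REALM]) ? ['Authorization' => $cache[REALM]] : [];
    [$status] = handle($headers);
    if ($status === 401 && $typed !== null) {
        // The user answers the login dialog; the browser keeps the value in memory.
        $cache[REALM] = 'Basic ' . base64_encode($typed);
        [$status] = handle(['Authorization' => $cache[REALM]]);
    }
    return $status;
}

$cache = [];
echo 'first request, nothing cached: ', browse($cache), "\n";
echo 'login dialog answered:         ', browse($cache, 'jim:s3cret'), "\n";
// The server already ran unset() during the previous request, yet the
// client still holds the header and sends it again without any dialog.
echo 'next request, header replayed: ', browse($cache), "\n";
```

The unset() inside handle() changes nothing the client holds, so the third request is authenticated from the cached header alone.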