On 8/27/2013 9:46 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 14:37, Jim Giner <jim.gi...@albanyhandball.com> wrote:

I"m using basic auth for a few of my pages that I want to limit access to - 
nothing of a sensitive nature, but simply want to limit access to.  Want to 
implement a signoff process, but can't figure it out.

 From the comments in the manual I take it one can't do this by simply 
unsetting the PHP_AUTH_USER and _PW vars.  Can someone explain to me why this 
doesn't suffice?  The signon process expects them to be there, so when they are 
not (after the 'unset'), how come my signon process still detects them and 
their values?

The global variables you're referring to are just that, global variables; 
changing them will have no effect on the browser. Basic Auth was not designed 
to allow users to log out, but you can make it happen with some Javascript.

Have your log out link call a Javascript function which sends an XMLHttpRequest 
with an invalid username and password. The server will return a 401 which you 
ignore and then take the user to whatever URL you want them to see after they 
log off. Not pretty, but it works.


Thanks for the timely response!

Before I try your suggestion - one question. Since when is a global variable not changeable? Doesn't the fact that it reflects a modified value when I do change it tell me it worked? I change the value to 'xxx' and show it having that value, but when the script is called again the old value appears. Very confusing!

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to