php is serverside, PHP_AUTH_USER is set by the client, therfore when you unset() the serverside instance of PHP_AUTH_USER the client doesnt know about this and keeps sending the username/pass. the only way I know of is to re-send the http auth headers and change the domain. this works for me.
Header("WWW-Authenticate: Basic realm='someother-domain' "); Header("HTTP/1.0 401 Unauthorized"); -- Chris Lee [EMAIL PROTECTED] "Eric J Schwinder" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I used a pretty basic system to check HTTP authentication values against > database values, but I can't seem to find a way to allow the user to log > out. I tried: > > unset($PHP_AUTH_USER) > > but Internet Explorer hangs on to that value until all browser windows are > closed. Is there any way around that? > > Thanks, > > Eric J Schwinder > eric.AT.bergencomputing.DOT.com > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]