php is serverside, PHP_AUTH_USER is set by the client, therfore when you
unset() the serverside instance of PHP_AUTH_USER the client doesnt know
about this and keeps sending the username/pass. the only way I know of is to
re-send the http auth headers and change the domain. this works for me.

    Header("WWW-Authenticate: Basic realm='someother-domain' ");
    Header("HTTP/1.0 401 Unauthorized");


  Chris Lee

"Eric J Schwinder" <[EMAIL PROTECTED]> wrote in
> I used a pretty basic system to check HTTP authentication values against
> database values, but I can't seem to find a way to allow the user to log
> out.  I tried:
> unset($PHP_AUTH_USER)
> but Internet Explorer hangs on to that value until all browser windows are
> closed.  Is there any way around that?
> Thanks,
> Eric J Schwinder

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to