HTTP authentication (which is what you're using) is controlled by the 
browser.  Some browsers even keep the login/password after the window is 
closed until the user logs out (Konqueror on Linux for one...)

If you want more control over logins and the ability to do a logout, you 
should make your own login scheme using an HTML form for username/password 
and setting a cookie to flag that the user is 'logged in'.  Then, when the 
user wants to log out, clear the cookie and job done :)


On Saturday 15 Dec 2001 5:37 am, J.F.Kishor wrote:
> hello all,
>       I have already posted this mail, Is there anyone to help me out?,
> it's urgent plz.....!
>        I have designed a web page using php, as a security measure I have
>  kept it password protected. I have used Apache authentication, using
>  htpasswd file. Now I want to keep a logout in this web page, I tried to
>  send a header request "http/1.0 401 Unauthorized" to force it to
>  reauthenticate when the logout link is clicked in the form, but this dose
>  not work.
>  I tried using session_destroy() even that does not work.
>  To get the authenticated users name I have used GetEnv("REMOTE_USER") in
>  all the form and with that username I'am handling mysql and other
> requests. I don't know where exactly the REMOTE_USER gets stored.
>  So please help me out in this problem. I want to remove the
>  window's authentication cache.
>  Please give me some ideas and suggestion to remove the user name and make
>  the page fresh for the other user to log in.
>  If possible please send me a sample script.
> Thanks for sparing time on this mail.
> with hope's,
>                                               - JFK
> kishor
> Nilgiri Networks

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to