Dear Adam,
Are you using 'realm' authentication setup?
with regards
Sukumar .S
On Tue, 29 Jan 2002, Adam wrote:
> Date: Tue, 29 Jan 2002 14:47:42 -0600
> From: Adam <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [PHP] Help! (How are sessions intended to work?)
>
> My Setup Specs
> --------------
>
> PHP 4.1.1, MySQL 3.23.36, & Apache 1.3.19 with mod_auth_mysql on OpenBSD
> 3.0 (OS).
>
> Issue
> -----
>
> Scenerio: User provides user_id and password. user_id and password are
> checked against the database (MySQL). If authentication is true the a
> session is started based on thier user_id. If autehentication is false
> Error 403 is displayed to user.
>
> How do you destroy a session/user authentication so the user can not use
> the browser back button? I have session_destroy() which seems to work
> fine (deletes session files in /tmp) but when you press the browser back
> button the exact session that was supposidly destroied is created again.
> I've tried using unset() to reset variables but that doesn't seem to
> work either. Any ideas... please epxplain this to me. I'm total lost why
> this isn't working. BTW, I'm using cookies. Another question I would
> have is.. to kill the cookie do I have to use set_cookie to remove the
> cookie from the users browser or is this also destroied in the
> session_destroy process? If it is suppose to be why is it not doing so?
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
----------------------------------------------------------------------
A real friend is one who walks in when the rest of the world walks out
----------------------------------------------------------------------
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
