I'm having a devil of a time trying to "unset" the built-in global
$PHP_AUTH_USER. My aim is to have a "logout" button.
Obviously the first thing to try is unset($PHP_AUTH_USER). No good -
when I refresh the page it's back.
Then I tried unset($_SERVER['PHP_AUTH_USER']) - same deal. I also tried
session_destroy() and unset($_COOKIE[session_name()]). All failed - as
soon as I refresh the page, the $PHP_AUTH_USER value is restored.
I heard that if you send the header lines:
Header('WWW-Authenticate: Basic realm="My Realm"');
Header("HTTP/1.0 401 Unauthorized");
...then the browser clear its authentication cache (and the value is
forgotten), but those lines also cause that username/password dialog to
pop up. That's not what I want. I want logout functionality, not log
in again functionality.
Anyone know how to make the value of $PHP_AUTH_USER get completely
forgotten via a couple of simple lines of code? It should be easy - how
many sites out there do you see with a "log out" button?
P.S. The logout facility in phpMyAdmin has problems - it's actually a
"relogin" facility, and if you supply the same username and password you
don't get logged in.