I'm having a devil of a time trying to "unset" the built-in global
$PHP_AUTH_USER.  My aim is to have a "logout" button.
Obviously the first thing to try is unset($PHP_AUTH_USER).  No good -
when I refresh the page it's back.
Then I tried unset($_SERVER['PHP_AUTH_USER']) - same deal.  I also tried
session_destroy() and unset($_COOKIE[session_name()]).  All failed - as
soon as I refresh the page, the $PHP_AUTH_USER value is restored.
I heard that if you send the header lines:
    Header('WWW-Authenticate: Basic realm="My Realm"');
    Header("HTTP/1.0 401 Unauthorized");

...then the browser clear its authentication cache (and the value is
forgotten), but those lines also cause that username/password dialog to
pop up.  That's not what I want.  I want logout functionality, not log
in again functionality.
Anyone know how to make the value of $PHP_AUTH_USER get completely
forgotten via a couple of simple lines of code?  It should be easy - how
many sites out there do you see with a "log out" button?
P.S.  The logout facility in phpMyAdmin has problems - it's actually a
"relogin" facility, and if you supply the same username and password you
don't get logged in.

Reply via email to