I'm having a devil of a time trying to "unset" the built-in global $PHP_AUTH_USER. My aim is to have a "logout" button. Obviously the first thing to try is unset($PHP_AUTH_USER). No good - when I refresh the page it's back. Then I tried unset($_SERVER['PHP_AUTH_USER']) - same deal. I also tried session_destroy() and unset($_COOKIE[session_name()]). All failed - as soon as I refresh the page, the $PHP_AUTH_USER value is restored. I heard that if you send the header lines: Header('WWW-Authenticate: Basic realm="My Realm"'); Header("HTTP/1.0 401 Unauthorized");
...then the browser clear its authentication cache (and the value is forgotten), but those lines also cause that username/password dialog to pop up. That's not what I want. I want logout functionality, not log in again functionality. Anyone know how to make the value of $PHP_AUTH_USER get completely forgotten via a couple of simple lines of code? It should be easy - how many sites out there do you see with a "log out" button? Mark. P.S. The logout facility in phpMyAdmin has problems - it's actually a "relogin" facility, and if you supply the same username and password you don't get logged in.