> From: Stas Maximov [mailto:[EMAIL PROTECTED]] > Sent: Friday, August 30, 2002 8:02 AM > To: Matt Schroebel > Cc: PHP General > Subject: Re: [PHP] PHP_AUTH_USER > > > > You can't log out of http authentication. Close the > browser is it. Not > very secure, eh. Use a session based login method > if you > need logout > function. > > Why not? Sending this to the client should do the job: > > header('WWW-Authenticate: Basic realm="My Realm"'); > header('HTTP/1.0 401 Unauthorized'); That doesn't work for me, at least in IE 6. It pops up a new login window. If you hit cancel, the browser still sends the prior authorization header to the server on the next request. If you change the realm on one page, when you go back to the other page, the browser will still have the other realms authorization header. Thinking as I type, perhaps you mean to store the realm, and change it to something else when they logout? Such that one never sees the same realm twice.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
