HTTP authentication (which is what you're using) is controlled by the
browser. Some browsers even keep the login/password after the window is
closed until the user logs out (Konqueror on Linux for one...)
If you want more control over logins and the ability to do a logout, you
should make your own login scheme using an HTML form for username/password
and setting a cookie to flag that the user is 'logged in'. Then, when the
user wants to log out, clear the cookie and job done :)
--
Shane
On Saturday 15 Dec 2001 5:37 am, J.F.Kishor wrote:
> hello all,
>
> I have already posted this mail, Is there anyone to help me out?,
> it's urgent plz.....!
>
> I have designed a web page using php, as a security measure I have
> kept it password protected. I have used Apache authentication, using
> htpasswd file. Now I want to keep a logout in this web page, I tried to
> send a header request "http/1.0 401 Unauthorized" to force it to
> reauthenticate when the logout link is clicked in the form, but this dose
> not work.
>
> I tried using session_destroy() even that does not work.
>
> To get the authenticated users name I have used GetEnv("REMOTE_USER") in
> all the form and with that username I'am handling mysql and other
> requests. I don't know where exactly the REMOTE_USER gets stored.
>
> So please help me out in this problem. I want to remove the
> window's authentication cache.
>
> Please give me some ideas and suggestion to remove the user name and make
> the page fresh for the other user to log in.
>
> If possible please send me a sample script.
>
> Thanks for sparing time on this mail.
>
> with hope's,
> - JFK
>
> kishor
> Nilgiri Networks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
