HTTP authentication (which is what you're using) is controlled by the browser. Some browsers even keep the login/password after the window is closed until the user logs out (Konqueror on Linux for one...)
If you want more control over logins and the ability to do a logout, you should make your own login scheme using an HTML form for username/password and setting a cookie to flag that the user is 'logged in'. Then, when the user wants to log out, clear the cookie and job done :) -- Shane On Saturday 15 Dec 2001 5:37 am, J.F.Kishor wrote: > hello all, > > I have already posted this mail, Is there anyone to help me out?, > it's urgent plz.....! > > I have designed a web page using php, as a security measure I have > kept it password protected. I have used Apache authentication, using > htpasswd file. Now I want to keep a logout in this web page, I tried to > send a header request "http/1.0 401 Unauthorized" to force it to > reauthenticate when the logout link is clicked in the form, but this dose > not work. > > I tried using session_destroy() even that does not work. > > To get the authenticated users name I have used GetEnv("REMOTE_USER") in > all the form and with that username I'am handling mysql and other > requests. I don't know where exactly the REMOTE_USER gets stored. > > So please help me out in this problem. I want to remove the > window's authentication cache. > > Please give me some ideas and suggestion to remove the user name and make > the page fresh for the other user to log in. > > If possible please send me a sample script. > > Thanks for sparing time on this mail. > > with hope's, > - JFK > > kishor > Nilgiri Networks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]