Michael Ed wrote:
> Is there a smart, or clumsy, way to
> bail out from a mgd site where authentication
> is set required and the log on again
> as another user without closing down
> the browser?
>
> I want different users to access the same PC
> but as themselves, so they get the right
> ID (and access level).
>
> How about mgd_logoff_host ? :-)
If you're using cookie auth it's pretty simple -- revoke the cookie.
With HTTP auth it's harder, since there's no way to force the browser
to 'forget' the authentication info. There's various ways to try, with
varying degrees of success.
One (admittedly very inelegant) way I've done this in the past is to
have a prefixed host resolving to the same apache VirtualHost
(important) with an active (not important) root page set to no
authentication that has a code-init element that does:
<?
if ($PHP_AUTH_USER != 'logout') {
header("WWW-Authenticate: Basic realm=\"realm_of_your_site\"");
header("HTTP/1.0 401 Unauthorized");
echo "Enter 'logout' to log out";
exit;
}
header("Location: http://yourserver/";);
exit;
?>
This would force them to 'log in' as user logout with any password,
then redirect them to the real site which would require them to log in
once more. It's important that the browser thinks it's the same site
(which is why I used a prefixed 'logout host' record), and that the
realm matches the real site (which is the sitegroup realm field if
you're using sitegroups).
Emile
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
