I have some code put together to authenticate users with both PHP_AUTH_USER/PW and cookies.

After a cookie expires, i want to send my users back to the authentication page for which the Header("HTTP/1.0 401 Unauthorized"); is specified to prompt a user to enter a login and password.

My problem is that PHP_AUTH_USER and PW seems to be cached into the browser. How can I either flush the cache or reset PHP_AUTH_USER/PW so that the user can be prompted with the login/password prompt?

I've attempted setting PHP_AUTH_USER = "" but then the authentication will not work.

I've searched for previous posts related to what i'm trying to achieve, but no luck.

Thanks for the help as always.

Vinnie Lima

    I dont know if this works, but try $PHP_AUTH_USER = NULL;

    -Chris

      9 months later

      Both Netscape and Internet Explorer will clear the local browser window's authentication cache for the realm upon receiving a server response of 401.
      This can effectively "log out" a user, forcing them to re-enter their username and password. Some people use this to "time out" logins, or provide a "log-out" button.
      Works 4 me!

        5 months later

        Do you have an example of how to do this? I've tried, but am still unsuccessful.

          I ended up implementing a logged in field on the users table and used that method instead.

            3 months later

            From APACHE ITSELF:

            "http://httpd.apache.org/docs/howto/auth.html"

            How do I log out?
            Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account.

            However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products.

            Consequently, the answer to this question is, you can't. Sorry.

              Write a Reply...