I've used HTTP authentication in PHP by sending the required header.
Does anyone know how to clear $PHP_AUTH_USER and $PHP_AUTH_PW so that the user is logged off?
You can't; HTTP BASIC auth doesn't provide for it. Best you can do is force the issue by sending another required-authorization header. If the user hits "cancel" his/her browser will forget the login credentials. It's not as secure as it sounds.
