login &amp; LOGOUT control

login & LOGOUT control

Anon

Hello,

I have searched the web and found a 1000 exaples, tutors, script & tips covering the subject of user authinication / login in php using a wide varity of methods such as sessions, cookies, mysql, flatfiles, etc, etc, etc.

Surprisingly I am yet to find one page/site that provides comlpeat explanation/solution that does the following using PHP, .htpasswd
and header( 'HTTP/1.0 401 Unauthorized' ); method.

NOTE Both login and LOGOUT required

Is there any one out there who has seen anything like this 8-)

A. LOGIN

1a. check if user has just come in.
1b. check if user has logedout and come back again
2. prompt for username and password
3. check if user is valid/ok
4a. if ok redirect user to next page
4b. or redirect user back to login page

B. LOGOUT
1. logout and confirm to user that he has been logged out

Ciao,

kurtsu

The problem with using HTTP basic authentication (the '401' return code) is that modern browsers cache the username and password, so the next time that browser goes to the login page, they just transparently log back in. There are tricks for some browsers to flush that cache, but most browsers have to be shut down and restarted.

If you set a cookie, you can recognize when this has happened, but there's nothing you can do but tell the user to restart their browser and try again. Which sucks.