Unsetting Server Variables

epp_b

I'm using HTTP authentication to require a user to type a User ID and password.

if (!isset($_SERVER['PHP_AUTH_USER'])) {

// bunch of header authentication commands and structures here

}
else {
// id and/or password is invalid
}

My problem is: The only way to log out is to close all of the browser windows. I want the user to be able to log out without having to close all of the browser windows.

Since the script is checking to see whether or not the user id variable is set, is there a way to unset it?

unset($_SERVER['PHP_AUTH_USER']);

didn't work.

I also tried to put ($_SERVER['PHP_AUTH_USER']) into a variable, and unset the variable. That didn't work either. Help😕

bbaassiri

let me take a wild guess into your problem, are you using MSIE

epp_b

Yup. That's Microsoft for ya.

bbaassiri

also it might the fact that global vars are read only and if changed it won't be reflected untill the next time it is loaded/accessed

jeremuck

give them a cookie with a "loggedout" flag or something

bbaassiri

ok, so there is some use of sessions to keep track whether or not a user is logged in or not. This makes the scope of the problem in the logic of keeping track of sessions then. How do you do this?

epp_b

Thanks. I think the cookie solution would be easiest.

jeremuck

when they log in using the HTTP auth stuff, you set a session thingy saying they are logged in.
From that point on, you test the session var.
When they click on a log out link, it you set the session var false...
since you are continuing to check, they will be logged off.

It's a nice solution... HTTP auth will keep users from typing something like index.php?loggedin=true and you can let them log out easily.

philipolson

Logging out of HTTP authentication is explained here:

http://www.php.net/manual/en/features.http-auth.php

Editor

Hi there epp_b.

Althought i havent tried this method as yet i also do have the same problem as you.

To say MSIE is the problem is not the solution.

Anyways since i dont want to enter into a MS vs. Linux discussion...

Maybe using the unset() function might also help.

***unset -- Unset a given variable

function foo() {
unset($GLOBALS['bar']);
}

$bar = "something";
foo();

Maybe a senior member would like to comment on this.