logout?!

karinne

So if I use the $PHP_AUTH_USER and $PHP_AUTH_PW, how do I log people out?! Do I have to use cookies?!

Sphynx

It looks like you need to send some headers stating that they are no longer authorized. So...

if(!isset($_SERVER['PHP_AUTH_USER']) || $_GET['logout']) {
  header("WWW-Authenticate: Basic realm=\"YOUR_REALM\"");
  header("Status: 401 Unauthorized");
  header("HTTP-Status: 401 Unauthorized");
  if($_GET['logout']) echo "You have logged out.\n";
  else echo "A MESSAGE FOR IF THEY HIT THE CANCEL BUTTON\n";
  exit;
}

karinne

Thank you... I thought it'd be something way more complicated! 🙂

karinne

Ok but they can still go around in the administration without re-logging?! They still have to close down the browser!

Is there a way that they don't have to close the browser?

TIA

karinne

btt

someone?! come on... somebody's gotta know this!? 😃

crosbystillsnas

hi karinne, this is a late reply, but i hope it helps you.

i just had the same problem logging out until i just overwrote the $PHP_AUTH_PW. the way to do so was just giving a $badPass in the href-parameter of the LogOut-link:

scheme: <a href="user:password@www.yourweb.net">link</a>

concrete: echo "<a href=\"http://".$PHP_AUTH_USER.":".$badPass."@www.yourweb.net[/url]">LogOut</a>";

the $badPass is a password that will never be given to any user.
i chose the real $PHP_AUTH_USER as the username, because the user will only have to type in the password again then, when re-logging.

this works in ie6. i did not test it with any other browser.

gretings from the other side of the big water. 🙂

crosbystillsnas

yea, great.... my first post in this forum as you can see.
the first smily is no riddle just a ":" and a "p", without any...

scheme:
...href="user:mypass"...

hope this works.

alanjrobertson

@ - thanks for that tip - it's excellent :p I'd thought there was no way to log folks out without getting them to close the browser. I much prefer this method!

Cheers

Alan