HTTP authentication

pablodelapena

When using $_SERVER['PHP_AUTH_USER'] to log users in and out there is one small problem i have come across.

I am used to suing sessions for general user authentication. However for more secure parts of the site I wish to use rock solid HTTP authentication. But my problem is this:

How do i log a user out? With sessions i use the function session_destroy(); to remove the suer info from the session. Does HTTP Authentication have a similar function?

laserlight

From the PHP Manual:
http://www.php.net/manual/en/features.http-auth.php

Both Netscape Navigator and Internet Explorer will clear the local browser window's authentication cache for the realm upon receiving a server response of 401. This can effectively "log out" a user, forcing them to re-enter their username and password. Some people use this to "time out" logins, or provide a "log-out" button.