Authentication Cache Question!!

j7n5u

Hi,

I am using the basic php Authentication header to request login credentials from clients. I am then using this information to authenticate them against a Radius Server.

If the client enters an incorrect UserID or password, they are redirected to an appropriate error page. They then can choose to try and login again. But when they do the browser has stored there previously attempted (incorrect) information (UserID and Password), and sends the old information.

The only way to get around it is by close the browser and re-opening it which allows the user to re-enter there information.

Does anyone know if there is an option that can be set so no caching of the information takes place?

Thanks,
Lucas Clark

TheDefender

Try using the unset() function

IF(ISSET($variable) && $variable != '') {
  unset($variable);
}

I haven't seen this problem you are describing on my sites (personally), so I don't know if this will work for you, but give it a whirl.

j7n5u

Thanks, but didn't work!

I have viewed a lot of sites which says to send a " http/1.1 401 " header, that will in turn remove any authentication stored cache. Unfortunately the only time this works is when the user clicks on the cancel button.

For some reason if a user tries to login through the same browser it remembers the most recent attempted ID and Password.

Lucas