definite logout

michibk

How can I defintely log out when before i was logged in using the http headers and setting $SERVER['PHP_AUTH_USER'] and $SERVER['PHP_AUTH_PW']???
A simple unset of these variables and a session destroy (where i had registered all other relevant variables) doesn't work!
Somewhere the PHP_AUTH_USER and PW are stored! Even if i unset this variables and echo them, they seem not to be set - but when i go to the first page of my script, where it is verified against a database (username and password) the login messages
don't appear - because somewhere the PHP_AUTH_ variables are stored!
i always have to close the browser and reopen it - then it works!

any suggestions

mike

Anon

If you are using IE, the internal code on IE holds the session until the browser is closed. Unfortuantely this behaviour is by design. Hence session_destroy etc won't completely log you out.

michibk

o.k -
sounds reasonable. i use ie, and nor unsetting these variables nor other stuff worked.
thanks!

mike

michibk

does this mean that only working with sessions a log out in ie browsers didn't work? or has this to do with the http header log in? maybe realizing the login not using this http-header information and not registering PHP_AUTH_USER will work??