hi,
i coded a login script without the header ["www-authenticate ...etc] because my login script with this header
didn´t let log me out! the $SERVER['PHP_AUTH_USER'] and $SERVER['PHP_AUTH_PW'] are kept somewhere
in the IE cash, so using this script the user is logged in till he closes the browser. i tried it with unsetting this variables
or giving them a value of "" (really nothing) - but it didn't work. i thought the user is supposed, once all these variables are
unset to login again - but it doesn't work. i heard that this is an IE internal configuration thing???
so i tried to code another login script. my problem now is, thta i don't realyy know, if it is to dabgerous
to keep the username una password in a session? (don't laugh - i think it is :-)). but i can´t set $SERVER['PHP_AUTH_USER']
and $SERVER['PHP_AUTH_PW'] and store them "like this". i loose these values if i go to another page and call them -
they are empty. i think this works only with HEADER [?WWW_AUTHEN.....].
is there a chance or:
to unset these $SERVER variables when you logged in with HEADER ["WWW-Authentica....]
or
to logout in another manner so the ie is forced to send again this header
or
is it gangerous to keep the (urs/pwd) in a session
or
is it possible to set $_SERVER variables without using header[www....] and keep them during tho whole session?
thanks
mike
