Olaf,

How about generating a hash-enhanced (TM) realm name, such as:

Basic Realm Session <HASH>

Then store that timestamp-based hash in the session. When you want the user to bugger off, change the realm name.

This is just a theory, and I've not tested it at all.

David

Olaf Greve wrote:
> Hi all,
>
> Alright: here's a bit of a "challenge" (so as to avoid the word "issue") ;) my colleagues have run into previously: how to kill HTTP authentication...
>
> I remember that they never did figure that one out, and I too will now have to get my hands dirty with trying to find a proper way to do so.
>
> Simply unsetting the PHP_AUTH_USER and PHP_AUTH_PWD variables doesn't seem to do any magic, and using a forced 401 ('Unauthorized') HTTP header is also highly ideal (not to say blatantly dirty)...
>
> Soooo, has anyone found a proper way of achieving this (ideally from PHP)?
>
> Also, in case this cannot be done from PHP, does anyone know of any Apache modules (or tricks/tweaks/settings) that will allow HTTP authentication to be neatly destroyed?
>
> Thanks in advance, and cheers,
> Olafo
>

--
David Grant
http://www.grant.org.uk/

http://pear.php.net/package/File_Ogg 0.2.1
http://pear.php.net/package/File_XSPF 0.1.0

WANTED: Junior PHP Developer in Bristol, UK
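The realm-rotation idea from the reply above, as an added example that is not code from the thread or from either poster. It assumes the browser caches Basic credentials per realm, so a 401 carrying a realm it has not seen makes it prompt again; `check_credentials()`, the demo account and the POST `logout` field are hypothetical.

```php
<?php
// Added example: per-session Basic-auth realm that is rotated on logout.
session_start();

// Hypothetical stand-in for a real user store (constructed demo account).
function check_credentials(string $user, string $pass): bool {
    return hash_equals('demo', $user) && hash_equals('demo-password', $pass);
}

// Start a new realm: the browser holds no cached credentials for it.
function new_realm(): void {
    session_regenerate_id(true);
    $_SESSION['realm'] = 'Session ' . bin2hex(random_bytes(8));
    $_SESSION['challenged'] = false; // no 401 sent for this realm yet
    $_SESSION['user'] = null;
}

// Send the 401 for the current realm and remember that we did.
function challenge(): void {
    $_SESSION['challenged'] = true;
    header('WWW-Authenticate: Basic realm="' . $_SESSION['realm'] . '"');
    http_response_code(401);
    echo 'Authentication required.';
    exit;
}

// Logout is a POST so that a plain link on another site cannot trigger it.
$logout = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['logout']);
if (!isset($_SESSION['realm']) || $logout) {
    new_realm();
}

// PHP exposes the Basic credentials as PHP_AUTH_USER and PHP_AUTH_PW.
$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pass = $_SERVER['PHP_AUTH_PW'] ?? '';

// An Authorization header cannot say which realm it was entered for, so
// anything arriving before the current realm was challenged is treated as
// the browser replaying cached credentials for an old realm and is refused.
if (!$_SESSION['challenged'] || $user === null || !check_credentials($user, $pass)) {
    challenge();
}

$_SESSION['user'] = $user;
echo 'Hello, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

The old credentials stay in the browser's cache until it is closed; the rotation only stops the server from accepting them for this session without a fresh prompt.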