Re: How to destroy HTTP authentication (from PHP)?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Jochem (and others),

save the 'authenticated' state in the session;
only send out the http auth headers when:

1. the user is not authenticated
2. the page is should be protected

logging out would then clear the 'authenticated'
state from the SESSION

now I probably didn't explain that very well - but I can say I
have that concept working - unfortunately the relevant classes
that I wrote to do that are heavily interdependent on other
stuff which makes it's useless for putting the point accross;
anyway hope the idea helps.

Actually, the idea does make a lot of sense. In fact, that very trick was what was previously used in the application. The reason it's not used anymore like that, is that the PHP sessions didn't seem to work reliably for several end users (a long story...), and that we're trying to revert back to the inherent authentication mechanism (i.e. HTTP authentication) of the CMS that's being used...

Anyway... I just encountered the following page:
http://httpd.apache.org/docs/1.3/howto/auth.html

If you scroll down to the section called: "How do I log out?", you'll find a pretty definite answer regarding 'real' HTTP authentication destruction: it cannot be done. :(

Good, I'll ponder some more on a good 'plan B' to provide the client with the functionality they desire, without having to spend too many hours on it...

Tnx for the answers!

Cheers!
Olafo

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux