scubak1w1 wrote:
Hello,
I have a series of web sites which use https:// authentication (using AD
integration to 'check the credentials' as it were) - all seems to be working
well..
I have been Googling et al. for a way to log the user off the site
"fully"...
I can do a series of things on the server side per Dreamweaver's Server
Behaviour / User Authentication | Log Out User, etc - but the client's
browser cache (?) still keeps the credentials, and so ifthey return to the
site (say, with their back button) they can get right back in...
Sounds like you are not properly expiring the session.
The only login credentials that ever should be stored with the client is
a session id.
Expire the session id - and the session ID in their cookie becomes
completely meaningless.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
