On 8/27/2013 9:46 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 14:37, Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx> wrote:
I"m using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to. Want to implement a signoff process, but can't figure it out.
From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this doesn't suffice? The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values?
The global variables you're referring to are just that, global variables; changing them will have no effect on the browser. Basic Auth was not designed to allow users to log out, but you can make it happen with some Javascript.
Have your log out link call a Javascript function which sends an XMLHttpRequest with an invalid username and password. The server will return a 401 which you ignore and then take the user to whatever URL you want them to see after they log off. Not pretty, but it works.
-Stuart
Thanks for the timely response!
Before I try your suggestion - one question. Since when is a global
variable not changeable? Doesn't the fact that it reflects a modified
value when I do change it tell me it worked? I change the value to
'xxx' and show it having that value, but when the script is called again
the old value appears. Very confusing!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
