Re: Basic Auth


 



On 27 Aug 2013, at 15:06, Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx> wrote:

> 
> On 8/27/2013 9:46 AM, Stuart Dallas wrote:
>> On 27 Aug 2013, at 14:37, Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx> wrote:
>> 
>>> I'm using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to.  Want to implement a signoff process, but can't figure it out.
>>> 
>>> From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars.  Can someone explain to me why this doesn't suffice?  The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values?
>> 
>> The global variables you're referring to are just that, global variables; changing them will have no effect on the browser. Basic Auth was not designed to allow users to log out, but you can make it happen with some JavaScript.
>> 
>> Have your log out link call a JavaScript function which sends an XMLHttpRequest with an invalid username and password. The server will return a 401 which you ignore and then take the user to whatever URL you want them to see after they log off. Not pretty, but it works.
>> 
>> -Stuart
>> 
> Thanks for the timely response!
> 
> Before I try your suggestion - one question.  Since when is a global variable not changeable?  Doesn't the fact that it reflects a modified value when I do change it tell me it worked?  I change the value to 'xxx' and show it having that value, but when the script is called again the old value appears.  Very confusing!

I didn't say you couldn't change it, I said doing so will have no effect on the browser.

It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variables you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1].

If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times!

-Stuart

[1] The one exception to this is $_SESSION, but it's important to know how that works. The $_SESSION array is populated when you call session_start(). It's loaded from some form of storage (files by default) and unserialised into $_SESSION. When the session is closed, either implicitly by the request ending or by a call to one of the methods that explicitly do it, the contents are serialised to the storage system. Once closed, any changes to $_SESSION will not be stored; it becomes just another superglobal (not that it was ever anything else).

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
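
The behaviour described in this thread, as an added example that is not part of the original messages: a simplified JavaScript model of both sides, showing that the server rebuilds PHP_AUTH_USER and PHP_AUTH_PW from the Authorization header on every request, so unsetting them server-side changes nothing, while the invalid-credentials request changes what the browser sends. The `Browser` class, `handleRequest`, `demo` and the credential values are constructed for illustration, and the cache-replacement step is an assumption taken from the reply above.

```javascript
// Added example: simplified model; every name and value here is constructed.
const VALID = { user: 'jim', pw: 'constructed-pw' };

// Server side: decode the Authorization header, as PHP does on each request
// to populate PHP_AUTH_USER / PHP_AUTH_PW.
function parseBasicAuth(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':');           // the password may itself contain ':'
  if (i < 0) return null;
  return { user: decoded.slice(0, i), pw: decoded.slice(i + 1) };
}

function handleRequest(headers, { unsetVars = false } = {}) {
  const server = {};                         // rebuilt per request, like $_SERVER
  const creds = parseBasicAuth(headers.authorization);
  if (creds) { server.PHP_AUTH_USER = creds.user; server.PHP_AUTH_PW = creds.pw; }
  const ok = server.PHP_AUTH_USER === VALID.user && server.PHP_AUTH_PW === VALID.pw;
  // The "unset" from the question: it only affects this request's copy.
  if (unsetVars) { delete server.PHP_AUTH_USER; delete server.PHP_AUTH_PW; }
  return ok ? 200 : 401;
}

// Browser side (simplified): cached credentials are attached to every request.
class Browser {
  constructor() { this.cached = null; }
  login(user, pw) { this.cached = { user, pw }; }
  request(opts) {
    const pair = this.cached ? `${this.cached.user}:${this.cached.pw}` : null;
    const headers = pair
      ? { authorization: 'Basic ' + Buffer.from(pair).toString('base64') } : {};
    return handleRequest(headers, opts);
  }
  // Logout as suggested in the thread: send invalid credentials, ignore the 401.
  // Assumption: the browser replaces its cached pair with the ones just sent.
  logout() {
    this.cached = { user: 'logout', pw: 'invalid' };
    return this.request();
  }
}

function demo() {
  const b = new Browser();
  b.login(VALID.user, VALID.pw);
  const first = b.request({ unsetVars: true });  // script unsets the variables
  const second = b.request();                    // browser resends them anyway
  return [first, second, b.logout(), b.request()];
}
```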
