You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Max Yu <yu...@yahoo.com> on 2005/12/14 21:27:29 UTC

[users@httpd] How to unset $PHP_AUTH_USER and $PHP_AUTH_PW

We run apache 2.0.52 on Fedora Core 3. After log out, the userid
and password are stored in $PHP_AUTH_USER and $PHP_AUTH_PW,
unless close the browser completely. It can be automatically
relogin if click the login bottun again. So we have to set up
login in twice to prevent illegal login.

So how to unset $PHP_AUTH_USER and $PHP_AUTH_PW when logout, so
user doesn't need to close the browser? 

Thanks,

Max 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How to unset $PHP_AUTH_USER and $PHP_AUTH_PW

Posted by Max Yu <yu...@yahoo.com>.

Only using session_detroy() is not enough to unset the
variables. I will try the codes Nico mentioned and see what
happens. 

Thanks Nico.

Max

--- Nico <ni...@gmail.com> wrote:

> 2005/12/15, Max Yu <yu...@yahoo.com>:
> 
> > We run apache 2.0.52 on Fedora Core 3. After log out, the
> userid
> > and password are stored in $PHP_AUTH_USER and $PHP_AUTH_PW,
> > unless close the browser completely. It can be automatically
> > relogin if click the login bottun again. So we have to set
> up
> > login in twice to prevent illegal login.
> >
> > So how to unset $PHP_AUTH_USER and $PHP_AUTH_PW when logout,
> so
> > user doesn't need to close the browser?
> 
> Hi,
> 
> This problem comes from PHP and not from Apache.
> These variables are stored on the browser.
> You must create a session (if it is not already done) and to
> destroy
> it : session_detroy();
> 
> See this :
> http://www.php.net/manual/en/features.http-auth.php
> 
> And read sample code. There are many examples to login/logout
> This one works with IE6 and FireFox :
> http://www.php.net/manual/en/features.http-auth.php#51399
> --
> nico
> 
>
---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How to unset $PHP_AUTH_USER and $PHP_AUTH_PW

Posted by Nico <ni...@gmail.com>.

2005/12/15, Max Yu <yu...@yahoo.com>:

> We run apache 2.0.52 on Fedora Core 3. After log out, the userid
> and password are stored in $PHP_AUTH_USER and $PHP_AUTH_PW,
> unless close the browser completely. It can be automatically
> relogin if click the login bottun again. So we have to set up
> login in twice to prevent illegal login.
>
> So how to unset $PHP_AUTH_USER and $PHP_AUTH_PW when logout, so
> user doesn't need to close the browser?

Hi,

This problem comes from PHP and not from Apache.
These variables are stored on the browser.
You must create a session (if it is not already done) and to destroy
it : session_detroy();

See this :
http://www.php.net/manual/en/features.http-auth.php

And read sample code. There are many examples to login/logout
This one works with IE6 and FireFox :
http://www.php.net/manual/en/features.http-auth.php#51399
--
nico

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org