Time lasting PHP_AUTH_USER

Forum Moderators: coopster

Message Too Old, No Replies

Time lasting PHP_AUTH_USER

azornoz

12:34 am on May 11, 2004 (gmt 0)

Hi all, I have rearranged a litle script to login:

If is not set PHP_AUTH_USER send header 401.
If it is, connect to a db and get user's pwd.
If user doesn't exist send again header 401.
If user exist check if pwd's are the same.
If not, send again header 401.
If all went ok, document.location='file.php'

The little prob for me is the time lasting PHP_AUTH_USER, cos this script is for an intranet and some boxes will have 4 or 5 different users some days login in.

I need to unset this var, but:

unset ($_SERVER['HTTP_AUTH_USER']);

just doesn't do what I want, the next time (inmediately after) you access to the login script the var HTTP_AUTH_USER is set and then, from the same pc, you login like the previous user.

Some ideas to help this situation will be apreciated.
Regards

venelin13

5:58 am on May 11, 2004 (gmt 0)

Make a logout link and at the logout.php file, put this code:

$_SERVER['HTTP_AUTH_USER'] = "";

It should works fine.

azornoz

6:15 am on May 11, 2004 (gmt 0)

Thanks for the reply, I've tried it, but the var PHP_AUTH_USER is still set up and the next time you try to login from the same pc you just login like the previous user.

jatar_k

3:51 pm on May 11, 2004 (gmt 0)

Does it stay set when you close the browser? It shouldn't, maybe a little javascript to destroy the browser on logout.

azornoz

5:30 pm on May 11, 2004 (gmt 0)

Thanks for the reply, I'm trying konqueror and mozilla browsers now, please could you show me what javascript function or sentence could do the job 'destroying browser'.

I understand this is the forum for php, but if I have to tell you, javascript is not something that I'm used to, always try to evoid it if I can.

Best regards.

azornoz

5:55 pm on May 11, 2004 (gmt 0)

And yes, jatar_k, you were right, when you close the browser the var unsets when you are accesing remotely the webpage.

But I was trying the script in the same box: server and client, and perhaps that's the reason for not soon vanishing of PHP_AUTH_USER.

If you can post in 2 lines how to 'destroy the browser' without using an axe I just would like to see it. :D

Thanks

jatar_k

7:31 pm on May 11, 2004 (gmt 0)

I prefer to use the axe myself ;)

you could have the final page after logout go to a page that has

<html>
<head>
<title></title>
</head>
<body onLoad="javascript:self.close();">
<p>Thank you and goodbye
</body>
<html>

problem is, and this I didn't know, IE shows a message about this window being closed and Moz errors out, not allowing a script to close a page it didn't open.

so this may not be an option.

Timotheos

8:55 pm on May 11, 2004 (gmt 0)

Bunch of talk on this [zend.com] after a Zend article on the subject.