Destroying the $ _SERVER session?

Question

Destroying the $ _SERVER session?

Ok, so I don't use any session variables, rather my code looks like this:

if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="Enter your Twitter username and password:"'); header('HTTP/1.0 401 Unauthorized'); echo 'Please enter your Twitter username and password to view your followers.'; exit(); } $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW'];

So my question is: how can I destroy this login session when the user wants to write out his (in this case) twitter login credentials?

+4

http php http-headers twitter http-authentication

Patrick c Jun 30 '09 at 23:59

source share

2 answers

Unable to destroy the HTTP authentication login server. This is one of the biggest disadvantages of this login form.

+7

Mitmaro Jul 01 '09 at 12:03

source share

Volkerk · Accepted Answer · 2009-07-01T00:17:14+0000

All you can do is send another 401 headers. The browser usually "forgets" the old value, opens a dialog for entering another user / password, and if users then click the "abort" button, they "log out". Two disadvantages:

The "Abort logon to logout" dialog may surprise users a bit.
"usually" means: better not to depend on it.

edit: And the answer has already been given, Sender of HTTP authentication via PHP

Destroying the $ _SERVER session?

More articles: