Jump to content


Logging out from an HTTP Authorization

  • Please log in to reply
3 replies to this topic

#1 ferrins

  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 07 October 2006 - 10:33 AM

Hi everybody! A friend of mine gave me a hand to finish the script that follows, it works ok so, of course, feel free to use it in your sites. Now the problem is that I can't log out!!! I've tried to unset the $_SERVER['PHP_AUTH_USER'])) and the $_SERVER['PHP_AUTH_PW'])) but I can't figure out why it doesn't log out. So here you have the script to log in, any idea to log put will be much appreciated!!!

if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="admin"');
header('HTTP/1_0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
} else {
$nick = $_SERVER['PHP_AUTH_USER'];
$passwd = $_SERVER['PHP_AUTH_PW'];

$sql = "SELECT nick,passwd,id_admin FROM admin WHERE nick='$nick' AND passwd='$passwd'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($res);
if( $row['nick']==$nick && $row['passwd']==$passwd ){
/* redirect id the username or pass are correct */
$redirect = "admin/index.php";
header("Location: {$redirect}");
die("If the page doesn't redirect click <a href='{$redirect}'>here</a>");
    echo 'Text to send if user entered incorect username or password!';

#2 xyn

  • Members
  • PipPipPip
  • Advanced Member
  • 779 posts
  • LocationNorthampton

Posted 07 October 2006 - 10:44 AM

well when all web browsers are closed it will automatically log-out,
as you're using sessions, you could use the simple javascript...

otherwise you could use a function...
function AccountExit(){
$nick = $_SERVER['PHP_AUTH_USER'];
$passwd = $_SERVER['PHP_AUTH_PW'];
$admin_id = $_SESSION['id_admin'];
session_unset ("$nick,$passwd,$admin_id");
echo 'logged out';

#3 printf

  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 07 October 2006 - 02:39 PM

xyn, idea of the closing window is good, with maybe a information alert() or maybe a logout link with information on the logout page would also work. Apache, and most other servers do not have any implementation of logging out of a server based authorized session. There are hacks, like putting a different username and password into a URL string and sending them to a page and catching the login error and redirecting them. But that will not work in IE, as IE removed that option, it does work in every other browser that I have tested. As for the server implementation, only Sambar, both Linux and Window versions, supports logging out of a server controlled authorized session, because it has a built in session handler.


#4 ferrins

  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 09 October 2006 - 08:28 AM

Hi fellas!
Well definetely I'm taking the javascript solution, thankx!!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users