Force SSL to reauthenticate
Posted on 2006-07-14
Using Apache 2.0.46 and PHP 4.4.1. I've set up an administrative section to my site secured with SSL and .htaccess-style text files. Part of the administrative section is the ability to manage the local employees, including adding/removing and changing passwords. There are certain points at which I will rewrite the entirety of the text file to 'reconcile' my table-based employee list and the web server's access list. My concern now is forcing an SSL reset on any existing sessions.
I've tried destroying the sessions, and that does not seem to work. I get a new session id, etc., but my SSL login is maintained. Is there any way to forcibly reset the SSL logins globally, and trigger this reset from PHP, HTTP headers, or similar manner? Obviously, this needs to be solely server-side...the most the end user should see is the new login dialog box.