We help IT Professionals succeed at work.

Remove $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

portal123
portal123 asked
on
Hello, when I get to logout page, I'd like to remove $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

How can I get it?
Comment
Watch Question

unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
Top Expert 2007

Commented:
unset does not work in this case. You have to send headers to reauth the user, so the remote browser know the credentials are no longer valid , but tat will be very confusing for the enduser

function authenticate() {
    header('WWW-Authenticate: Basic realm="Test Authentication System"');
    header('HTTP/1.0 401 Unauthorized');
    echo "You must enter a valid login ID and password to access this resource\n";
    exit;
}

Why do you want to unauth the user in that case?

Commented:
why not use $_SESSION variables to authenticate, you can't unset $_SERVER variables.

Author

Commented:
Hello, guys.

unset does not work.

To hernst42, Reason what i unauth is when a user can access to admin pages  again he can get in there without id,password.

To nplib, this is for mobile site and some mobile browers do not accept session variables. $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_USER']  are OK on them.

Thanks,portal
Commented:
because you can't unset a $_SERVER variable. They exist as part of the server.

why not set these variables to be empty, then test for this emptyness for your login/logout purposes.


$_SERVER['PHP_AUTH_USER'] = "";

if (empty($_SERVER['PHP_AUTH_USER'])) {
   do stuff
} else {
  do other stuff
}

Author

Commented:
thanks