Posted on 2008-01-27
Medium Priority
Last Modified: 2013-12-12
Hello, when I get to logout page, I'd like to remove $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

How can I get it?
Question by:portal123
LVL 16

Expert Comment

by:CWS (haripriya)
ID: 20757207
LVL 48

Expert Comment

ID: 20757258
unset does not work in this case. You have to send headers to reauth the user, so the remote browser know the credentials are no longer valid , but tat will be very confusing for the enduser

function authenticate() {
    header('WWW-Authenticate: Basic realm="Test Authentication System"');
    header('HTTP/1.0 401 Unauthorized');
    echo "You must enter a valid login ID and password to access this resource\n";

Why do you want to unauth the user in that case?
LVL 17

Expert Comment

ID: 20759093
why not use $_SESSION variables to authenticate, you can't unset $_SERVER variables.
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


Author Comment

ID: 20784609
Hello, guys.

unset does not work.

To hernst42, Reason what i unauth is when a user can access to admin pages  again he can get in there without id,password.

To nplib, this is for mobile site and some mobile browers do not accept session variables. $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_USER']  are OK on them.

LVL 17

Accepted Solution

nplib earned 2000 total points
ID: 20787055
because you can't unset a $_SERVER variable. They exist as part of the server.

why not set these variables to be empty, then test for this emptyness for your login/logout purposes.


if (empty($_SERVER['PHP_AUTH_USER'])) {
   do stuff
} else {
  do other stuff

Author Closing Comment

ID: 31425558

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

592 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question