downloads | documentation | faq | getting help | mailing lists | licenses | wiki | reporting bugs | php.net sites | conferences | my php.net

search for in the

Voting

Please answer this simple SPAM challenge: four plus four?
(Example: nine)

The Note You're Voting On

sl at netcentrex dot net
8 years ago
This forces an instant re-authentication:

// Force a logout.
function imt_logout()
{
    global $_SESSION;
    global $HTTP_SERVER_VARS;
    global $PHP_SELF;
   
    // We mark the session as requiring a re-auth
    $_SESSION['reauth-in-progress'] = 1;

    // This forces the authentication cache clearing
    header("WWW-Authenticate: Basic realm=\"My Realm\"");
    header("HTTP/1.0 401 Unauthorized");
   
    // In case of the user clicks "cancel" in the dialog box
    print '<a href="http://'.$HTTP_SERVER_VARS['HTTP_HOST'].$PHP_SELF.'">click me</a>';
    exit();
}

// Check login
function imt_login()
{
    global $_SERVER;
    global $_SESSION;
    global $REGISTERED_USERS;

    // the valid_user checks the user/password (very primitive test in this example)
    if (!valid_user($_SERVER['PHP_AUTH_USER'], $REGISTERED_USERS))
    {
        session_destroy();
        header("WWW-Authenticate: Basic realm=\"My Realm\"");
        header("HTTP/1.0 401 Unauthorized");
        exit();
    }

    // OK, the user is authenticated
    $_SESSION['user'] = $_SERVER['PHP_AUTH_USER'];
}

Assuming that your page.php?action=logout forces a reauth on the same page, start your page with:

session_start()
if ($_REQUEST["action"] == "logout")
{
    if (isset($_SESSION['reauth-in-progress']))
    {
        session_destroy();
        header("Location: http://".$HTTP_SERVER_VARS['HTTP_HOST'].$PHP_SELF);
    }
    else
        imt_logout();
}
   
imt_login();

<< Back to user notes page

 
show source | credits | stats | sitemap | contact | advertising | mirror sites