1

Possible Duplicate:
HTTP authentication logout via PHP

I’m using .htaccess (and .htpasswd) to protect a folder in my website. This works fine, when I login for the first time, from any computer, I’ve been requested to enter the login and the password in order to access to the protected folder. My problem is that the login screen appears only once, so after the first login I can access to the protected folder anytime without the login screen.

How can I make the login screen to appear for each time that I try to access this folder?

P.S. In the login screen, “Remember My Credential” checkbox is empty and cleaning cookies, passwords etc’ in the browser history under “Safety”, still doesn’t help.

The following is my .htaccess file:

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/mysite/.htpasswd 
AuthGroupFile /dev/null 
require valid-user

Is it anyhow related to this code line: AuthType Basic ?

Thanks for any advise,

Aad Mathijssen
  • 630
  • 9
  • 22
blsn
  • 1,077
  • 3
  • 18
  • 38
  • Not exactly… my question wasn’t concerning secure login-out but regarding password’s remembered. – blsn Aug 20 '12 at 15:01

2 Answers2

3

You can't (as the browser is caching the password), unless you're changing the password or send a 401 even after the first successful request.

"Remember my credentials" only applies to passwords saved after closing the browser, you can't prevent it during a session.

AuthType Basic just sets the "encryption" of the password.

tstenner
  • 10,080
  • 10
  • 57
  • 92
3

When using HTTP Basic Auth, the browser will remember the password until it is exited.

If you want to be prompted to reenter the password every time you visit a page, then you will need to use some other kind of authentication mechanism (e.g. one based about HTML forms).

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335