I'm using Apache "Auth" security to limit access to my web site (via commands in the .htaccess file, an .htpasswd file, etc).
Is there a way to de-authorize a user via my PHP script, effectively giving them a way to log out?
Asked
Active
Viewed 832 times
0
-
And the answer is: Not really. This question has been asked before, put "trac" into your search. – hakre Mar 07 '12 at 23:06
-
Ok, thanks. I asked on the unix stackexchange site, and didn't see it there, but I'll search for 'trac'. – Eric Mar 07 '12 at 23:07
-
There is one ticket in the trac trac that is about that which contains a lot of insighful information. At least one SO question links that, but I don't remember the link out of my head. – hakre Mar 07 '12 at 23:09
-
Similar to http://stackoverflow.com/questions/449788/http-authentication-logout-via-php – Martin Mar 07 '12 at 23:15
3 Answers
2
With that type of authentication, the username and password are actually send by the browser on every subsequent request. As there's no way to tell a browser "hey, stop sending those", there is no way to do what you're trying to do.
(If, however, you had a PHP script involved that was handling part of the authentication, you could set a session variable for flagging to ignore the valid authentication and pretend the user is logged out.)
However, in terms of a good solution, there is not one. The user will stay logged in until his or her browser decides to stop sending the headers (usually when the browser is closed).
Corbin
- 33,060
- 6
- 68
- 78
1
<?
// this PHP will cause a logout event, and give the login prompt again
$AuthName='WHAT-EVER'; // must match AuthName in .htaccess.
header('HTTP/1.0 401 Unauthorized');
header('Content-type: text/html');
header('WWW-Authenticate: Basic realm="'.$AuthName.'"');
// now redirect them when they click cancel
// should be to a page with no password required.
// use an HTML meta redirect instead of HTTP
// so it runs after the auth is cancelled.
?>
<html><head><meta http-equiv='refresh' content='0;../'></head></html>
Jasen
- 11,837
- 2
- 30
- 48
