Clear $_SERVER['PHP_AUTH_USER']???
Posted: Thu Mar 04, 2010 1:30 pm
According to some messages I've read, setting 401 in headers like so:

Code:
header('WWW-Authenticate: Basic realm="Cadorath RPI Management"');
header('HTTP/1.0 401 Unauthorized');

Will tell browsers NOT to cache the credentials. Doesn't appear to work in IE7/8.

Here is my code:

Code:
echo $_SERVER['PHP_AUTH_USER'];
exit;
if($id_user == 0){
    // NOTE: Clear the browser cache of credentials we use $_SESSION for security
    header('WWW-Authenticate: Basic realm="Aerospace Management"');
    header('HTTP/1.0 401 Unauthorized');
    if(!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])){
        // NOTE: Authenticate user against database and redirect to refresh display and show management console
        if($_SERVER['PHP_AUTH_USER'] == 'AlexB' && $_SERVER['PHP_AUTH_PW'] == 'AlexB'){
            $_SESSION['id_user'] = 1;
            unset($_SERVER['PHP_AUTH_USER']);
            unset($_SERVER['PHP_AUTH_PW']);
            header('Location: '.SYSTEM_SETTING_BASE);
            exit;
        }
    }
    echo 'Authentication failed. Please refresh your browser and try again.';
    exit;
}

When my logout function executes and stomps on sessions, because the browser automatically caches credentials it logs the user back in, obviously not the desired functionality.

I do not want to use a standard HTML form; I would like to know what is wrong with this code even before I move to something more standard.

Cheers,
Alex
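
The behaviour described in the post, with one common workaround, as an added example that is not part of the original post: the browser replays its Basic credentials on every request in the realm, so clearing `$_SESSION` or unsetting `$_SERVER` entries on the server does not log the user out. This example refuses the first credentials seen after logout; `check_login()`, the `force_reauth` flag, the `action` form field, the realm and the sample account are assumptions.

```php
<?php
// Added example, not the poster's code. check_login(), the force_reauth
// flag, the realm and the sample account are assumptions for illustration.
session_start();
const REALM = 'Management';

function check_login(string $user, string $pw): bool
{
    // Constructed stand-in for a database lookup of a stored password hash.
    $accounts = ['demo-user' => 'demo-password'];
    return isset($accounts[$user]) && hash_equals($accounts[$user], $pw);
}

function challenge(string $message): void
{
    header('WWW-Authenticate: Basic realm="' . REALM . '"');
    header('HTTP/1.0 401 Unauthorized');
    echo $message;
    exit;
}

// Logout: drop the login, rotate the session id, and remember that the next
// credentials to arrive are replayed by the browser rather than typed.
if (($_POST['action'] ?? '') === 'logout') {
    unset($_SESSION['id_user']);
    session_regenerate_id(true);
    $_SESSION['force_reauth'] = true;
    echo 'Logged out.';
    exit;
}

if (empty($_SESSION['id_user'])) {
    // First request after logout: answer 401 once, whatever was sent, so the
    // browser has to prompt before the session can be re-established.
    if (!empty($_SESSION['force_reauth'])) {
        unset($_SESSION['force_reauth']);
        challenge('Please sign in again.');
    }
    $user = $_SERVER['PHP_AUTH_USER'] ?? '';
    $pw = $_SERVER['PHP_AUTH_PW'] ?? '';
    if ($user === '' || !check_login($user, $pw)) {
        challenge('Authentication failed.');
    }
    session_regenerate_id(true);
    $_SESSION['id_user'] = $user;
}

echo 'Signed in as ' . htmlspecialchars($_SESSION['id_user']);
```

HTTP Basic authentication defines no logout, so whether the browser discards its cached credentials after the 401 is up to the browser. A form login backed by a server-side session is the only way to end the login reliably from the server.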