Page 1 of 1

mod_auth and logoff

Posted: Mon Sep 29, 2003 10:01 am
by junky
hi guys, id like to kill a session authorized by mod_auth.
ive tried to unset($_SESSION), without success :(
i dont wanna close the browser, i just wanna the user re-confirm his password if he wants continue into the members' area.
thanks.

Posted: Mon Sep 29, 2003 10:12 am
by delorian
First of all, read the apache manual for mod_auth: http://httpd.apache.org/docs/howto/auth.html

You should know that mod_auth doesn't have anything to do with PHP sessions. Try unset the PHP_AUTH_USER and PHP_AUTH_PW variables, first, and watch what will happen.

Posted: Mon Sep 29, 2003 10:56 am
by junky
ive tried to:

Code: Select all

unset($_SERVERї'PHP_AUTH_USER']);
unset($_SERVERї'PHP_AUTH_PW'])
and its still the same.
its like the vars in $_SERVER are read-only.
any others solutions?
thanks

Posted: Mon Sep 29, 2003 3:50 pm
by delorian
I've told something, that I shouldn't. Here's some extract from manual, to which I gave you this link.
Apache Manual FAQ wrote:How do I log out?
Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account.

However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products.

Consequently, the answer to this question is, you can't. Sorry.

Posted: Mon Sep 29, 2003 5:09 pm
by junky
thanks for the information delorian.
I thinking about an alternative way to do it.
if someone can help me, suggestions are welcome :)

Posted: Tue Sep 30, 2003 1:07 am
by delorian
http://php.net/manual/en/ref.session.php
http://php.net/manual/en/ref.http.php

as for start, and search for:

sessions cookies

on this forum. There're several topics about this stuff, and of course read some articles on the inter.net GS ->
http://www.google.com/search?q=php+auth ... 8859-1&lr=

Posted: Tue Sep 30, 2003 11:07 pm
by junky
i think ive read enough to get that mod_auth isnt related to sessions in php nor to cookies.

its an extern module attached to apache web server.

we didnt find a way, so we'll keep trying to find a way :cry:

Posted: Wed Oct 01, 2003 1:50 am
by delorian
Hmm, By writing those links, I just gave you an alternative to mod_auth. There's no other option to authorize web-page user than mod_auth (mod_digest) OR sessions OR cookies when you are using Apache and PHP. So if you are saying that you read those, i think that now it should be simple to write your own simple(for begining) system. On this forum there are plenty of examples of doing it.

Posted: Wed Oct 01, 2003 9:46 am
by junky
thanks a lot for your support delorian.
its cause people like ya that i'll participate a bit more in this forum :)
continue your great job 8)
later