Question

Okay so I'm not using any session variables, rather my code looks like this:

if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Enter your Twitter username and password:"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Please enter your Twitter username and password to view your followers.';
    exit();
}

$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW']; 

So, my question is, how can I destroy this login session when the user wants to sign out of their (in this case) Twitter login credentials?


Solution

All you can do is to send another 401 header. The browser will usually "forget" the old value, pop up another user/pass input dialog and if users then press the "abort" button they are "logged out". Two drawbacks:

  • The "abort the login to logout" dialog may surprise users a bit
  • "usually" means: better not depend on it.

edit: And this has already been answered: HTTP authentication logout via PHP
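
The "send another 401" approach as a single-file sketch. This is an added example, not part of the original answer; the `?logout` parameter, the realm text and the `challenge()` helper are assumptions made for illustration.

```php
<?php
// Added example: the logout URL always answers 401, so the browser treats
// whatever credentials it sent as rejected and prompts again.
// REALM, challenge() and the ?logout parameter are hypothetical names.

const REALM = 'Followers';

function challenge(string $body): void
{
    // 401 + WWW-Authenticate makes the browser open its login dialog.
    header('WWW-Authenticate: Basic realm="' . REALM . '"');
    header('Cache-Control: no-store'); // keep the page out of caches
    http_response_code(401);
    echo $body;
    exit();
}

if (isset($_GET['logout'])) {
    // Reject unconditionally on this URL. When the user cancels the dialog,
    // most browsers drop the cached username/password for this realm.
    // That is browser behaviour, not something the server can enforce.
    $home = htmlspecialchars(strtok($_SERVER['REQUEST_URI'], '?'), ENT_QUOTES, 'UTF-8');
    challenge('You have been signed out. <a href="' . $home . '">Sign in again</a>');
}

if (!isset($_SERVER['PHP_AUTH_USER'])) {
    challenge('Please enter your username and password.');
}

$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'] ?? '';
// ... verify $username / $password here before trusting them ...

// Escape the username: it is client-supplied and ends up in HTML.
echo 'Signed in as ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
echo ' <a href="?logout=1">Sign out</a>';
```

Because the browser resends Basic credentials on every request until it forgets them, serve this only over HTTPS and treat the logout as best effort.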

OTHER TIPS

There is no way to destroy an HTTP authentication login server-side. This is one of the biggest disadvantages of this form of login.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow