[thelist] Authentication problem with Apache/PHP
Dominique Paquin
dpaquin at galeasec.com
Thu Apr 26 14:08:07 CDT 2001
Greetings!
Here's my problem:
I have a web-based application from which it is possible to log off.
The user is authenticated through a .htpasswd file and then he access the
system (php application). After that a button is displayed that can log off
the user. If he
clicks on this, the application does the following:
session_unregister() all the session variables and then
session_destroy().
Now my problem is if the user clicks back enough of time or if he manually
enter the initial .php page in the url bar, he will reach the initial page
where the user is usually authenticated throught the .htpasswd process. At
this
point the user is accepted automatically and he does not need to re-enter
his user/password.
I don't want this to be possible, i want the user to enter the user/password
again. Is their an apache command to kill the session or some other
approach to this problem???
Dominique Paquin
More information about the thelist
mailing list