The 5th Annual China PHP Conference

Voting

Please answer this simple SPAM challenge: five plus zero?
(Example: nine)

The Note You're Voting On

ceo at l-i-e dot com
6 years ago
To force a logout with Basic Auth, you can change the Realm out from under them to a different Realm.

This forces a new set of credentials for a new "Realm" on your server.

You just need to track the Realm name with the user/pass and change it around to something new/random as they log in and out.

I believe that this is the only 100% guaranteed way to get a logout in HTTP Basic Auth, and if it were part of the docs a whole lot of BAD user-contributed comments here could be deleted.

<< Back to user notes page

To Top