Hi guys,

is there anyway to unset $_SERVER than to close the browser?

I have tried

unset ($_SERVER['PHP_AUTH_USER'] );

or even

unset ($_SERVER);

it unset but after you have refreshed it the $_SERVER comes back again.

Hope to hear from you guys.Thanks

Yeah,that it is meant to be but is there something to unset it for example I want to logout of the site so I would need that $_SERVER variable anymore?I mean can it work like sessions or cookies?

Yeah,that it is meant to be but is there something to unset it for example I want to logout of the site so I would need that $_SERVER variable anymore?I mean can it work like sessions or cookies?

not as far as I can tell...there is a section in the php manual that explains forcing a new login prompt to be displayed in some browsers (see example # 3 here). -- but seems to be no way to unset the variable itself


is there a reason to not just use a session/cookie, login form, and a user/password database?

First of all the site I am editing has no database management and authentication username and password comes from third party sites not from the site.Second,I think sessions/cookie cannot handle great security on the site.If I push to handle this issues by applying database management,I will have to edit the whole site itself...

What do you think?

not having database connectivity would definitely thwart setting up your own log in/out system...

as far as security goes, basic authentication is about the worst, as it sends unencrypted 'plain text' which anyone who might be sniffing on the network can surely grab. Does the third party connection come over a secure connection (https://) ?

sessions are definitely your best bet, I usually use them in conjunction with a username/encrypted password from a mysql database...

This article has been dead for over six months. Start a new discussion instead.