Hey all,
New problem. I really hope there's something simple to do to fix it. Check out this
scenario and tell me if there's a step that I'm missing.
Inside my common footer on my site the very first call is to an include called
UserAuth.inc.php.
UserAuth.inc.php checks $REQUEST_URI to see if the present directory or URL is
protected or not.
If it is protected then it checks to see if $PHP_AUTH_USER is set. If it is then it
runs through the usual HTTP Authentication. If it fails it goes to a failure page, if
it succeeds then it logs the user in.
Now I can surf around on the site and that same authentication will continue to be
used for the rest of the site where ever another protected directory or file is found
(as to be expected).
Now to logout I have a page called logout.php. If you go to this page (which also
includes the same footer) there is another action that takes place.
If the $REQUEST_URI contains logout.php then I print the same "401" header that I
print for authentication and unset $PHP_AUTH_USER, $PHP_AUTH_PW and $AUTH_USER.
$AUTH_USER is the user authentication object in my class file UserAuth.class.php. I'm
just unsetting this so that no code will still have record of the old authentication
object to do anything with.
Now if I try to read the $PHP_AUTH_USER or $PHP_AUTH_PW variables anyplace on the site
they don't exist, until I go back to one of the protected pages. Then they
miraculously re-appear and are readily available once again without requiring the user
to log back in.
If you've got any ideas, suggestions, guesses or references, please reply. I've run
out of ideas. I can also provide the code that I'm using if you think it might just be
a problem with my logic. I don't think this is the case as I shouldn't be able to read
any variable that has been unset, but like I said, I'm running out of ideas.
System: RedHat 6.1-6 i686 Kernel 2.2.13
Server: Apache 1.3.12
PHP: 4.0.3pl1
Thanks,
Toby
