6

Logging out of a PHP script with digest authentication

view full story
linux-howto

https://bbs.archlinux.org – This has come up all the time, and I feel like I'm just getting over the hunch of learning digest auth.  The problem is that the HTTP specifications have no definitive way to "log out" a user.  If you give the user a 401 and force them to log in again, cached credentials will permit them to log in without seeing another login prompt.  What's your method for forcing a user to login again?I think if I append uniqid() to the username or password, essentially giving it a temporary random salt, every login will be unique making the user getting asked for credentia (HowTos)