Okay so I'm not using any session variables, rather my code looks like this:
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="Enter your Twitter username and password:"');
header('HTTP/1.0 401 Unauthorized');
echo 'Please enter your Twitter username and password to view your followers.';
exit();
}
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
So, my question is, how can I destroy this login session when the user wants to sign out of their (in this case) twitter login credentials?
There is no way to destroy an http authentication login server side. This is one of the biggest disadvantages of this form of login.
All you can do is to send another 401 header. The browser will usually "forget" the old value, pop up another user/pass input dialog and if users then press the "abort" button they are "logged out". Two drawbacks:
edit: And has already been answered, HTTP authentication logout via PHP
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With