Henning Wangerin wrote:
>On Fri, 2004-12-10 at 10:18, Manuel Kasper wrote:
>>You can't really "logout" with HTTP authentication; you'd have to convince
>>your browser to forget the login credentials that you entered, so it's a
>>browser issue. There's no "session" on m0n0wall that could be killed; the
>>credentials are sent with each request. We could return a 401 response, as
>>this makes some browsers clear the cached credentials, but AFAIR this
>>isn't necessarily true.
>It ISN'T true. Had that discustion with a customer some years ago, so I
>had to convince him ;-)
>I tested most browsers available at that time, and as far as I remember,
>about 1/3 of them I tested didn't forget the credentials.
You could change the authentication realm... This has been a suggested
in more than a few PHP books. It's a hack, it's not too inelegant (sp?)
and it works.