httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] kill .htaccess session
Date Tue, 13 Jul 2004 18:00:13 GMT
On Tue, 13 Jul 2004 12:38:24 -0500, redhat <> wrote:
> I have a few Linux servers that use internally for some minor web
> applications that I have written.  Most of these are used only by myself
> and my assistant.  I have some sensitive information on here as well as
> other information that I need when going from one user's computer to
> another that needs to be kept private.  I tried using PHP and MySQL
> authorization and got it to work on the parent page but if someone
> pulled up the history and went to a subsequent page it would let them
> right in without user/pass.  I like .htaccess because it keeps the
> entire directory secure enough for me.  My problem is this, it seems to
> keep the session open for an unspecified period of time.  I know in PHP
> I can kill the session by issuing another variable with a null value.
> How can I do this using .htaccess?  Any help appreciated.

This is basically impossible.

To start, the session is entirely in the hands of the browser.  The
browser chooses when to send a password and when not to.  Most
browsers will only forget the password if you shut them down.

Googling for "htaccess logout" will give you various ideas for trying
to trick the browser into forgetting the password.  But I don't know
of any that are foolproof.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message