Ideally, you expire the session on the server (i.e., in the DB), rather than by 
removing the cookie.

Common hacks people use to remove cookies are setting the expiry in the past, 
or to +1s, or simply to put invalid content into the cookie, which your auth 
mechanism will subsequently disregard.  

Adam

-----Original Message-----
From: Simon Perreault [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 22, 2005 12:26 PM
To: modperl@perl.apache.org
Subject: Re: Basic Authentication & logout


On Wednesday 22 June 2005 11:15, Andrea Palmeri wrote:
> My question is: how do I logout users which have been authenticated ?
> (responding to an html link)

This is basically impossible. People telling you otherwise are assuming that 
one browser's quirks are standard.
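
The server-side expiry suggested in the reply at the top of this message, as an added example that is not part of the original thread. The `%SESSIONS` hash stands in for the sessions table in the DB; the function names, the cookie name `session` and the timeout value are assumptions.

```perl
#!/usr/bin/perl
# Added example: server-side session expiry vs. client-side cookie removal.
# %SESSIONS stands in for the sessions table in the DB (hypothetical schema).
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

my %SESSIONS;            # session id => { user => ..., expires => epoch }
my $TTL = 1800;          # idle timeout in seconds (assumed value)

# Create a session with an unguessable id read from the kernel CSPRNG.
sub login {
    my ($user) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $raw, 32) == 32 or die "short read from urandom";
    close $fh;
    my $sid = sha256_hex($raw);
    $SESSIONS{$sid} = { user => $user, expires => time + $TTL };
    return $sid;
}

# Authoritative check: the cookie value is only a lookup key.
sub authenticate {
    my ($sid) = @_;
    return undef unless defined $sid && $sid =~ /\A[0-9a-f]{64}\z/;
    my $s = $SESSIONS{$sid} or return undef;
    if ($s->{expires} <= time) {      # expired: purge and reject
        delete $SESSIONS{$sid};
        return undef;
    }
    $s->{expires} = time + $TTL;      # sliding expiry
    return $s->{user};
}

# Logout: expire on the server first, then ask the browser to drop the cookie.
sub logout {
    my ($sid) = @_;
    delete $SESSIONS{$sid} if defined $sid;
    return 'Set-Cookie: session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly';
}

my $sid  = login('andrea');                   # constructed sample user
my $copy = $sid;                              # a copy of the cookie kept elsewhere
print "before logout: ", authenticate($copy) // 'rejected', "\n";
print logout($sid), "\n";
print "after logout:  ", authenticate($copy) // 'rejected', "\n";
```

Because the session record is deleted before the `Set-Cookie` header is sent, a saved copy of the cookie value is rejected even if the browser ignores the expiry header.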
