Chapter 5: Central Authentication System 143 (Web host server) app_auto_connect =>
Chapter 5: Central Authentication System 143 app_auto_connect => TRUE, app_type => WEB , app_debugger => $OFF ) ); $thisApp->buffer_debugging(); $thisApp->debug( This is $thisApp->app_name application ); $thisApp->run(); $thisApp->dump_debuginfo(); ?> The logout.php application calls the is_authenticated() method of the class.PHPApplication.php object and, if the user is authenticated, it calls its own logout method. This method calls the session_unset() and session_destroy() methods, which are part of PHP s built-in session management API. The session_unset() method simply makes the session variables as if they were never set before. The effect of session_unset() in our login scenario is that session variables such as SESSION_USERNAME and SESSION_ATTEMPTS are unset. Similarly, the session_destroy() method removes the entire session (file or database record) from the session storage. The full effect is that the user loses her session and will need a new login session to work with applications that require the central login facility. The logout.php application uses the logout.conf file shown in Listing 5-8. This configuration file is very similar to the login.conf and requires no further explanation except that the $HOME_URL is a new entry. This variable sets the URL, which is used to redirect the logged out user to a central page. Typically this URL would be set to the home page of the intranet or Internet site. Listing 5-8: logout.conf