On Fri, May 18 2018, Carsten Schulze wrote: > When I press the Logout link, I get a windows with a new > Authentification Request. Now I cancel that and get the following > message. > > Logged-out > > Close the browser to complete the logout. Ok, most people think they > could close the current browser tab, but they really have to close the > whole browser and reopen it again. That is not logical and no one > understands why. > > Is there another way to destroy the login cache?
This only happens with http authentication. Now, with most modern browsers (FF, Chrome for sure), you don't need to close the browser. To invalidate the cache we have to feed the browser a request which we deny. This results in the auth prompt that you see. I was thinking of hiding it by performing a background request, and according to my tests it still does invalidate the cache correctly, but I didn't have time to implement it yet. As far as I know, there's no other way to invalidate the auth cache. I'd be happy to know if there is a better method. On IE <= 7 though, the cache is never invalidated. You really *need* to close the browser to logout.