Here's an explanation of why you can't do a basic auth logout: http://httpd.apache.org/docs/1.3/howto/auth.html#basicfaq
The only way I have ever seen it implemented is JavaScript that closes the user's browser - which of course generates a security warning and may not work. I have seen various ideas floated where you tie the realm you set during the initial authentication to a session ID and then invalidate the session ID on logout so that even though the browser keeps sending the basic auth header on the server side you check the realm against the session ID and force reauthentication because the session ID isn't valid. I have never seen anyone implement that successfully - it has all sorts of issues I could see. Paul McMahon --- On Tue, 10/13/09, Ben Short <[email protected]> wrote: From: Ben Short <[email protected]> Subject: Logout To: [email protected] Date: Tuesday, October 13, 2009, 2:20 PM Hi, I need to add a link that allows users to logout of my website. After trawling the web I haven't found a way to logout a user while using http basic authentication. This seems like a bit of a killer for me. Can anyone suggest how I might proceed? Regards Ben Short
