How do I "log out" a user? Know that this is not officially supported, but I need a quick and dirty hack. Saw somewhere I just throw out a 401 access denied - but anyone know the syntax
A:
http://httpd.apache.org/docs/1.3/howto/auth.html#basicfaq
Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account.
However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products.
Consequently, the answer to this question is, you can't. Sorry.
As you can see from the full explanation above, you can't. The only workaround is to invalidate the user session and cause the browser to request username and password again.
Additionally, you can try (I haven't tried it yet) to empty the WWW-Authenticate HTTP header.
Simone Carletti
2009-08-18 12:40:03