.htaccess log out

         

mdharrold

10:13 pm on Jan 17, 2002 (gmt 0)

10+ Year Member



How do you let users "log out" of an Apache server .htaccess directory?

mivox

10:16 pm on Jan 17, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I think authorization times out after they leave the directory... But is the time-out period configurable on the server?

Don't know of any way to do an actual log-out routine.

rcjordan

10:24 pm on Jan 17, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm not very knowledgeable on htaccess, but take a look here [columbia.edu].

amoore

10:36 pm on Jan 17, 2002 (gmt 0)

10+ Year Member



Since the browser caches the user and password once they successfully log in, it's tough to make it forget it without restarting it. One trick that works on most browsers I've tried it with is to make the person go to a part of the site for which they are not authorized.

For instance, make a directory "/logout" and make the .htaccess there use a different file of usernames and passwords. If your user goes there, they will get asked for a username/password, but when they try theirs, they will get denied. This makes the browser forget the password. Your auth denied page for this directory should be something like "You have been logged out".

It's pretty crude, and somewhat confusing, but there aren't many other alternatives. That's one reason not a lot of people use basic auth such as with .htaccess.
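A sketch of the `/logout` directory configuration described in the post above, added here as an illustration and not taken from the thread. The realm name and file paths are placeholders, and reusing the protected area's realm string is an assumption about what makes the browser replace its cached credentials.

```apache
# /logout/.htaccess (constructed example; realm and paths are placeholders)
# Requires AllowOverride AuthConfig FileInfo for this directory in the
# main server configuration, otherwise these directives are rejected.

AuthType Basic

# Assumption: use the same realm string as the protected area, so the
# browser treats this challenge as belonging to the credentials it cached.
AuthName "Members Area"

# A separate password file that contains none of the real accounts.
# Every real username/password pair is therefore rejected here.
AuthUserFile /path/to/logout.htpasswd

Require valid-user

# Body of the 401 response shown once the attempt is denied or the
# prompt is cancelled. Must be inline text or a local path, not a full URL.
ErrorDocument 401 "You have been logged out."
```

Whether the cached credentials are actually dropped after the failed attempt depends on the browser, so check the result in each browser your users run.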

mdharrold

12:40 am on Jan 18, 2002 (gmt 0)

10+ Year Member



Straight from Apache [httpd.apache.org]--
How do I log out?

Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account.

However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products.

Consequently, the answer to this question is, you can't. Sorry.

Amoore- your solution would work but is just as much work for the user as closing and restarting the browser.

I think I will just start redesigning this section in PERL. Live and learn.

Brett_Tabke

3:53 pm on Jan 23, 2002 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



btw: Opera does have a setting:

Ask for password:
once per session
every time it's needed
After X minutes