> >password as expected. It all works. However, my customer has asked for
> either a
> >timeout, a [Logout] button, or both so that the browser basically
> 'forgets' the
> >user id. This would then remove the requirement for the user to close down
> the
> >browser when they leave their system.
>
> Exactly. The Basic Authentication scheme requires that the username and
> password be sent with each request; most browsers store this information
> after it has been entered once, and hang onto it until they are closed down.
The way I've done this in the past is to have a logout button
that loads a page that's password-protected under another realm.
It's kind of suboptimal, but it might serve as a starting point.
