Any chance there is a methodology with which I may identify when a browser is sending me a retry-with-authorization request?
Intention: To issue a response which ultimately brings up the browser's log-in dialog. Yes, I'm trying to implement the already well-known inability to 'log-out' after browser authentication. The issue: To quote RFC 2616 sec 14.8 A user agent that wishes to authenticate itself with a server-- usually, but not necessarily, after receiving a 401 response--does so by including an Authorization request-header field with the request. I cannot differentiate between this 'including an Authorization request-header' and a request where the log-in dialog was displayed and the user entered their user-name and password. Both are responses to 401 server-response. The only way (and it is not even near acceptable) would be to use the elapsed time between the 401 response and the subsequent request. I appreciate any help but expect answer is both 'we already told you that can't be done' and 'no you can't do it.' -Ryan