If someone has authenticated himself with a BASIC log-in dialog, he will stay so in successive requests. Is it possible to dismiss the authentication, e.g. after a time-out or if the user requests so (a log-out button).
SCJP 1.4 (81%)<br />SCWCD 5 (95%)
posted 9 years ago
The browser will continue to send the authentication header until it's closed. In that sense, you can't log out. But nothing stops you from invalidating the server session once a user clicks on "log out".