The problem is that WebSphere will not only drop the LTPA and SSO cookies (which they will remove) but that Basic authentication puts some header values in the HTTP headers that WebSphere won't remove. Since the browser keeps sending them it'll keep relogging you in each time you visit a protected page.
I think you'll have to zap the HTTP basic authentication headers, too.
Kyle
------------------
Kyle Brown,
Author of
Enterprise Java (tm) Programming with IBM Websphere
See my homepage at
http://members.aol.com/kgb1001001 for other WebSphere information.