--00163646d4fada03910470789f03
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Correct.  HTTP Basic Authentication is done via the browser.  The only real
way to 'log out' of HTTP Basic Authentication is to clear ALL of your
authenticated sessions via your browser settings.  If you want an
authentication scheme that you can truly log out of, you'll have to use
something like a session-based scheme.

--
Bryan

On Thu, Aug 6, 2009 at 6:03 AM, Richard Conroy <richard.conroy / gmail.com>wrote:

> On Thu, Aug 6, 2009 at 4:18 AM, Tony Tony <slythic / gmail.com> wrote:
> >
> >
> > So I get a window asking me to ender my credentials when going to
> > /protected and it logs me in. Once logged in though, I would like to be
> > able to log out. I know the solution to this must be super easy but I
> > just can't get it to work.
> >
> >
> Actually, this may be a limitation of HTTP basic authentication - there is
> no way to inform the browser that you wish for its credentials cache to
> expire.
>
> I am not certain of this, but I have seen this complaint raised before. You
> might want to follow this up and see if the problem is a general one,
> before
> banging your head trying to find a Sinatra specific solution.
>
> Richard
>

--00163646d4fada03910470789f03--