afaik, the way browsers implement basic auth, you need to close the browser and restart it in order to get it to forget the collected credentials. SOme browsers may provide a way to discard (specific) credentials without closing the browser
so I may not be underatnding your question, but if you want to be able to effect a logout, then I think you will need to change to a different auth method. then you should be able to force the logout by invalidating the authentication session.
Ron
if you decide to implement your own auth method, you might find the following useful
http://blogs.sun.com/enterprisetechtips/entry/adding_authentication_mechanisms_to_the
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=280217