I think you are going to find that this is highly browser-dependent as well... in general basic auth does not support forcing a user to re-authenticate! http://httpd.apache.org/docs/1.3/howto/auth.html#basicfaq