I don't think that's possible - as far as I know, the only thing you can do is send a 401 unauthorized status code and a WWW-Authenticate: header, which will request a user/password. There seems to be no way to change the user's authentication without their involvement.
I'm not sure why but back when I used basic auth I could never get that to work fully. The user had to press OK without a username and password filled in and then Cancel the next time the login box popped up.