When you create a website with basic auth there is an unfortunate consequence in that there is no built-in method for logging out the user. Since basic auth username and password are stored on the client side, the server actually has no power to remove what is stored in the user browser’s cache. The solution? Create a log out screen where the user is prompted to put in the wrong password. This is usually counter-intuitive to most log out systems but is unfortunately the only way to get the client’s own browser to replace what is in the basic auth cache. A good example for how to set up the code in order to make this happen can be found at the following website: http://php.net/manual/en/features.http-auth.php.