I have an application secured with HTTP Authentication (RFC 2617). The protocol doesn't provide for "logout" but I'd like to provide the user a way to close a session.

If there was a way I could use JavaScript to tell the browser "forget the cached info for this user of this system" (the nonce, the opaque, the password, something), then the next GET would not include an Authorization header and I'd have accomplished logout without needing protocol or server support.

But I don't know what to set or what clear or what function to call, if there even is one. Is there a way to programatically tell a browser, "Flush your cached security information"?