Browsers usually don't support this, see How do I log out?

浏览器通常不支持此功能，请参阅如何注销？

Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account.

However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products.

Consequently, the answer to this question is, you can't. Sorry.

自从浏览器开始实施基本身份验证以来，网站管理员一直想知道如何让用户退出。由于浏览器使用身份验证领域缓存用户名和密码，如本教程前面所述，这不是服务器配置的功能，而是让浏览器忘记凭据信息的问题，以便下次请求资源，必须再次提供用户名和密码。在许多情况下，这是可取的，例如在公共场所使用浏览器时，并且不想让浏览器保持登录状态，以便下一个人可以进入您的银行帐户。

然而，尽管这可能是有关基本身份验证的最常见问题，但迄今为止，没有一家主要浏览器制造商认为这是将其放入其产品中的理想功能。

因此，这个问题的答案是，你不能。对不起。

There are browser extensions that allow you to clear the HTTP authentication for a site. For Firefox the WebDeveloperextension (which is one of my favourtie extensions anyway) offers this feature. The menu for this is Miscellaneous/Clear Private Data/HTTP Authentication.

有些浏览器扩展允许您清除站点的 HTTP 身份验证。对于 Firefox，WebDeveloper扩展程序（无论如何这是我最喜欢的扩展程序之一）提供了此功能。这个的菜单是Miscellaneous/Clear Private Data/HTTP Authentication。

Tested on firefox and chrome. What you can do is send the user to http://logout:[email protected]. This will replace their current username/password with logout/logout (it could be any invalid user/pass combination) and since they now have the wrong username/password, they will have to login again to access the site.

在 firefox 和 chrome 上测试。您可以做的是将用户发送到http://logout:[email protected]。这将用注销/注销（它可能是任何无效的用户/密码组合）替换他们当前的用户名/密码，并且由于他们现在拥有错误的用户名/密码，他们将不得不再次登录才能访问该站点。

On opera this does not work, because you can have several usernames/passwords at the same time. It didn't work on IE either, because IE does not appear to support http://username:[email protected]URLs.

在歌剧上这不起作用，因为您可以同时拥有多个用户名/密码。它也不适用于 IE，因为 IE 似乎不支持http://username:[email protected]URL。

I ran into this issue several years ago. It is incredibly frustrating to discover there is a problem everyone is having and no one seems to want to solve in a general way.

几年前我遇到了这个问题。发现每个人都有一个问题，而且似乎没有人想要以通用的方式解决，这是非常令人沮丧的。

As noted in Inadequate Logout functionality in HTTP AuthenticationI think the answer is to change the RFC to allow timeouts and support a log out button. The author's additional suggestion that the server be able to send a "log out" header would actually eliminate the need for anyclient user agent support since websites could simply include a link on a web page to a URL that returns the necessary response code and/or header to invalidate the current session.

正如HTTP 身份验证中的注销功能不足中所述，我认为答案是更改 RFC 以允许超时并支持注销按钮。作者的额外建议是，服务器能够发送“注销”标头实际上可以消除对任何客户端用户代理支持的需要，因为网站可以简单地在网页上包含一个指向 URL 的链接，该链接返回必要的响应代码和/或标头使当前会话无效。

It IS kind of possible to log out. You should implement logout page, which will return HTTP 401, until the user enter BAD login information, and then redirect somewhere else. Browser remembers the latest login information accepted, and therefore overrides correct login.

注销是可能的。您应该实现注销页面，它将返回 HTTP 401，直到用户输入错误的登录信息，然后重定向到其他地方。浏览器会记住接受的最新登录信息，因此会覆盖正确的登录信息。

But this is kinda unusable, cos it needs user's cooperation.

但这有点不可用，因为它需要用户的合作。