haskell / hackage-server

Hackage-Server: A Haskell Package Repository
http://hackage.haskell.org

HTTP Digest Auth makes it "impossible" to log out #91

Open tibbe opened 11 years ago

tibbe commented 11 years ago

Being able to log out is useful in a number of circumstances, e.g. if you're using someone else's computer or if you have several accounts. Using HTTP Digest (or Basic) Auth makes it more or less impossible to log out (short of clearing your browser's stored passwords).

dcoutts commented 11 years ago

I've read that it's possible to do this using a bit of cunning trickery. But it's true, browsers do have rather poor support for standard http authentication which we then have to live with or work around.

I think it's worth investigating these tricks. I know that trac uses (or can use) this approach. I'd really rather not force ordinary automatic clients to use a non-standard auth mechanism just because of browser UI issues. Allowing multiple (so simple clients can use standard mechanisms) would be ok but it's not desirable to duplicate things if we don't have to.

gbaz commented 6 years ago

lmao, ugh https://stackoverflow.com/a/43990171/371753

(i mean we may want to try this anyway)

gbaz commented 6 years ago

Alternately, we could just take the hint and lean towards having a more modern auth system.

gbaz commented 3 years ago

You can now log out by clicking on the "account management" link in the "user accounts" page, and then there's a "logout" button in the far right of the topbar. This is a rather awkward process, but it exists, at least...