No, the logout suggestion doesn't work. Yeah, Borges deletes the session; but the newly created session gets the same username and password that the browser automatically cached. It seems there is no way around HTTP base authentication =) Vladimir Slepnev