say i have basic authentication for some resources. the user first has to login, no problem. But what if the user wants to logout? The desired should be that the user can still view other non-protected web pages and if the user wants to view those protected pages, it should prompt the user to login again. How to do this?
It depends on how you are doing the authentication. If you are doing it yourself, you can put something in the session when they login successfuly. When they logout, delete that from the session. They can still look at other pages. If they try to look at a protected page, it will look for that value in the session and reprompt them.