If browser-based authentication is used, you'll find that even if you use the default logout link, when you return to the site you are not prompted for your credentials again. This even happens if "remember this password" is not checked in the browser popup which collects the username and password.
Unfortunately, browsers cache the credentials for the page, and simply resend the username and password automatically. Probably the best solution to this is disable browser authentication and use the supplied login page. There's an option in the HTTP/HTTPS settings to do that.
