Have a page which is credentialed with htaccess. Amazingly, after all these years, this is no mechanism within htaccess to "logout" a credentialed user. After lots of (dispiriting, this subject is not one of the shining examples of nice people) searching, I came up with trying this:
<?php
session_start();
var_dump($_SESSION);
$a =& $_SESSION;
unset($_SESSION);
$a['x'] = 1; // $a refers to the original $_SESSION
$_SESSION['x'] = 2; // new unrelated array
session_write_close();
?>
as a page called "logout.php" with a link on the index page that had been used to credential the user.
page loads, but when I go back to the index page the page shows up without prompting for credentials.
This might be one of those times when people need to see the page. I'm loath to post the page but if you are feeling quite curious you can message me and I'll send you the link.