BASIC auth does not have a notion of a logout. You need to use FORM auth in order for the session invalidation to result in a logout.
Can you show me the sample of using FORM auth ?
See http://jakarta.apache.org/tomcat/tomcat-4.0-doc/realm-howto.html (at the bottom):
"The example application shipped with Tomcat 4 includes an area that is protected by a security constraint, utilizing form-based login. To access it, point your browser at http://localhost:8080/examples/jsp/security/protected/ and log on with one of the usernames and passwords described for the default MemoryRealm."
If you using a database to store the user credentials and are able get FORM authentication to perform correctly, please post or send me a copy of the steps you followed. I have been dealing with FORM authentication issues (http://jboss.org/index.html?module=bb&op=viewtopic&t=45714).