At the moment we leave the browser to handle the HTTP authentication, the problem this causes is that browsers don't contain a simple way to forget credentials they have currently hashed so we have ended up with a work around to emulate a log out.

This task is to re-visit adding the authentication back into the admin console within the java script - as we are using GWT I would suggest we try and visit it in a way that other GWT developers developing their own consoles could make use of. At a central location we need to intercept all HTTP requests for the console and generate the Digest responses as required - the Logout link can then just clean the credentials cached in the console rather than being cached by the browser.