Windows Authentication and IE 7

Some guys asked how to log out when Windows authentication is used for a web site. A simple answer is to close the browser if you are using Internet Explorer. The explanation is available in this KB article,

(where you should pay attention to the following paragraph)

When Internet Explorer has established a connection with the server by using Basic or NTLM authentication, it passes the credentials for every new request for the duration of the session.

But do you know how to close Internet Explorer? Actually, if you are still using IE 5 or 6, close the IE window is all that you need to do. However, while this applies to IE 7, you should notice the following scenario in IE 7.

  1. Enter a site that requires Windows Integrated authentication.
  2. Type your user name and password.
  3. Do something.
  4. Close this tab.
  5. Now open another tab.

WOW, why I don't have to type my password again? Why I am not logged out? You should close the entire IE window, not a single tab.

Note that this post also applies to IE 8.

Skip to main content