I am having an issue with web browsers (any) temporarily remembering username and password combinations for a website I am creating. I am using LDAP to authenticate to an MS AD.

Here is the scenario:

I go to my site. Click a password protected directory and I am prompted with a dialogue box for username/password. I enter the appropriate information and I am let through. I can look around that hole page (and any subsequent page) without having to pass my user/pass ever again.

The next page is a default "Index of" page. I click the "Parent Directory" link or my browser's "Back" button to get back to the main site.

I click a new password protected link (not the same as the one above). Again, I am prompted for password and user name (different set this time) and again I happily comply. Again the next page is a default "Index of" page. Again I click the "Parent Directory" link or my browser's "Back" button to get to the main site. Again I can roam about that directory no problem without user/pass being asked again.

I then click the original password protected directory. I am prompted again for a username/password. However, the "username" portion is already filled in with the correct username. (Not bad ). So I comply with the password. The first some it doesn't work. The second time I am let though. However, if I click any links on any subsequent page that is under that directory I am prompted for my user/pass every time.

If I go to the second password protected directory I am not prompted at all.

This behavior only arises out of Internet Explorer (both 6 and 7), but not FireFox. As much as I would LOVE all my users to switch to Firefox ( ) I am a lone *NIX man in a Windows Shop...

I have also tried using Apache to Authenticate using Kerberos and it only keeps track of one set of credentials. I have also tried using a MySQL integration but it yields the same result as the LDAP above.

Like I said solutions to the issue are as I see them:

Use Firefox :-D
Close and reopen IE

I know that above is probably as clear as mud, but any help/guidance would be apreciated....

The desired result would be have the user prompted for a password everytime they click on a Password protected link, when the go back to the main page have their credentials "forgotten" and have them get re-prompted, and finally once authenticated to a directory they should be allowed to roam about that directory unfettered by user/pass requests.

Thanks for your time.

Do you mean a session based web application? When you authenticate against a web app, the browser stores a session cookie.
Every subsequent interaction with the website (every http request, containing this session cookie) allows the user to
browser the password protected things.

With a logout button, you throw away the session cookie, and the session is closed.

(Hope this helps a bit, though)