When using basic authentication apache style (or any web server using basic HTTP authentication) the login credentials are stored on the browser this has the unpleasant side effect that it is simply not possible to provide an effective "logout" function.

The only way to actually log out of such a site is to shut your browser down or if the browser supports it, clear the login credentials. (Even this is not always reliable because the browser may not know which cookies/credentials/form variables to clear)

Workarounds for this style of authentication include things like sending the client browser a header stating their credentials were not accepted, but the user could simply cancel and sign on to another page anyway.

When using sites that use this type of authentication it is usually best to restart the browser when done, to ensure your password is not preserved. (even then, some browsers may choose to cache this information)

If a logout function is imperative you can restrict your application(s) to using GenieGate on an API level, this will work (since the login credentials are stored on the server).

There is nothing server-side that can deal with this problem reliably. If a web application claims to offer this functionality (with HTTP authentication) it is strongly recommended that you question it. There is almost certainly a way to undermine it.