Programmatically clear IE 6 SP1's cached credentials

If you're using IE6 SP1 with Outlook Web Access (or
any web application that uses HTTP authentication), you don't need to have forms-based
authentication enabled or an ActiveX
control installed in order to make clicking logoff really log you off. There's
a new script call in IE6 SP1 that can clear cached credentials programmatically. It
is actually an entrypoint to the existing WinINET API mentioned in the above ActiveX
article. We convinced the IE team that this entrypoint was needed, and they added
it for us in SP1.

This only works if the user is prompted for username/password,
such as with basic credentials. In that case, the credentials are cached in the browser
process, so as long as that instance of the browser (iexplore.exe) is running, the
user won't be prompted for credentials for that site again. If you're logged into
the domain and using Windows Integrated Authentication, the client isn't prompted
for credentials and they aren't cached - the browser and server will re-negotiate
the authentication on new connections as needed.

Open logoff.asp (from Program Files\Exchsrvr\Exchweb\Bin\Auth\USA)
and you'll see how this is done:

    document.execCommand("ClearAuthenticationCache","false");

You could add this call to the logoff.asp page in Exchange
2000 SP2 if desired, but keep in mind that updates to Exchange (such as service packs)
may overwrite the logoff.asp and your changes would be lost. For more information
on customizing OWA, see this white
paper.