I know this is a really old article ... I mean, like 5 years ago, but I found a somewhat good solution.
Inside your protected folder, create another folder, let it "exit". Put the same .htaccess file here as in your protected folder, with the exception of a slight modification. instead:
Require valid-user
now write:
Require user EXIT
And make sure you don't have an exit! Username: D
In your protected area, your exit link or button or something else should redirect the user to this address: example.com/protectedFolder/logout
Browsers can usually only support one user registered with the same site name or domain name ... an attempt to log in to the user. Exit will overwrite everything, so the originally registered user will have to log into the protected area again.
But, as always, I can be wrong, and you still have to close the entire window of your browser and restart your computer if you want to be sure! :) In addition, this will not hurt if you tell your users what will happen when they exit system!
I tested this in chrome and in Internet Explorer 11. (It won’t work in the region, and maybe others) The solution was found here: https://www.mavensecurity.com/media/BasicAuthLogOut.pdf