Right now when a user calls logout on the HttpBasicAuthenticationModule the library clears all the cookies for the URL the module providing authentication for. Is this correct? If not is it correct enough? How is everyone else handling log outs and cookies?